on  your  outsourcing  deal? 
Some  vendors  are  making 
it  harder  for  CIOs  to  tell. 
Here’s  what  you  can  do. 
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With  network  security,  if  you’re  not 

ahead  of  the  threat... 


you  ’re  cleaning 


up  behind  it. 
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Let  Internet  Security  Systems  stop 
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network  threats  before  they  shut  down  your  business 


How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain? 

Even  "zero-day"  solutions  aren't  fast  enough  to  protect  against  losses  once  an  Internet  attack  hits. 

The  alternative  is  preemptive  security  from  Internet  Security  Systems  (ISS).  Because  our  enterprise  solutions  are 
based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  offer  preemptive  security  and  stop 
threats  More  they  impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 


Need  proof?  Get  a  free  whitepaper,  Preemptive  Security: 

Changing  the  Rules,  at  www.iss.net/proof  or  call  today  at  800-776-2362. 


NETWORK  &  HOST  INTRUSION  PREVENTION 

©2007  Internet  Security  Systems  Incorporated.  All  rights  reserved  worldwide. 
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Q  Internet  |  Security  |  Systems® 

Ahead  of  the  threat 
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Leaders  Wanted/CIO  Challenge  Series 


Challenge  #4: 

Deliver  business  intelligence  that  inspires  everyone,  even  your  CEO. 


Solution: 

Hyperion — your  management  system  for  the  global  enterprise. 

Here’s  the  paradox:  If  you  give  every  department  the  Bl  they  want,  nobody 
gets  the  Bl  they  really  need.  So  how  do  you  transform  Bl  into  a  strategic  tool 
that  guides  the  enterprise  at  every  level?  Only  Hyperion®  System™  9  BI+™ 
lets  you  produce,  manage  and  deliver  strategic  Bl  that  integrates  your 
financial  and  operational  data.  The  result:  information-rich  reports  that 
allow  management  to  more  accurately  predict  the  future.  More  insights, 
fewer  reports.  Isn’t  that  what  smart  Bl  is  ail  about? 


FIND  OUT  HOW  TO  PUT  THE  BUSINESS 
IN  BUSINESS  INTELLIGENCE. 

Go  to  http://smartbi.hyperion.com 

#  Hyperion” 

The  future  in  sight 


©  2007  Hyperion  Solutions  Corporation.  All  rights  reserved.  "Hyperion  "the  Hyperion  logo,  and  Hyperion’s  product  names  are  trademarks  of  Hyperion.  References  to  other  companies  and  their 
products  use  trademarks  owned  by  the  respective  companies  and  are  for  reference  purpose  only. 
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34  An  Architecture 
for  the  Future 
systems  design  You  can’t  build 
a  robust,  agile  enterprise  architecture 
on  the  fly.  You  gotta  make  plans. 

By  James  M.  Kerr 
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leadership  Character  is  an  essential 
element  of  leadership.  Here’s  how  to 
develop  yours  and  let  it  shine. 
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i.t.  spending  Rising  energy  costs  are 
short-circuiting  performance  gains  from 
faster,  cheaper  servers.  Fortunately,  there 
are  steps  you  can  take  to  keep  your  costs 
inline.  By  Kenneth  G.  Brill 
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with  NeuStar. 
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DNS  -  DHCP  -TRAFFIC  MANAGEMENT 


When  you've  already  spent  millions  on  a  state-of-the-art  network  to  support  your  critical  business  processes, 
and  you're  contemplating  investing  even  more  to  realize  the  enormous  economic  benefits  of  IP-based  com¬ 
munications,  you  need  the  very  best  DNS  infrastructure. 

NeuStar's  suite  of  managed  DNS  services  delivers  carrier-class  performance,  comprehensive  security, 
massive  scalability,  24/7  monitoring,  and  expert  support  from  developers  and  engineers  -  enabling  organiza¬ 
tions  to  focus  on  serving  customers  and  growing  their  businesses.  What's  more,  you'll  retain  complete 
administrative  control  over  your  DNS  environment  via  our  advanced  management  tools. 

Let  NeuStar  help  your  organization  scale  efficiently  and  transition  smoothly  to  the  communications  industry 
of  tomorrow.  Learn  more  at  www.neustarultraservices.com  or  call  toll-free  (888)  367-4812. 


NeuStar  is  a  registered  trademarks  of  NeuStar,  Inc.  ©  Copyright  2007  NeuStar,  Inc.  All  rights  reserved. 
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Dual-core. 
Do  more. 


.INFRASTRUCTURE  LOG 

_DAY  51:  The  time  and  money  it  takes  to  manage  these 
servers — not  to  mention  the  energy  we’re  wasting — is  out 
of  control.  We’re  literally  pouring  money  into  them: 

$50s,  $100s — they  even  take  euros. 

.Whoever  came  up  with  “add  an  app,  add  a  server”  forgot 
to  “add  an  ATM.” 

.DAY  53:  I’ve  taken  back  control  with  an  IBM  BladeCenter® 
with  Dual-Core  Intel®  Xeon®  processor  technology.  Its 
IBM  Director  gives  us  a  single  point  of  control,  so  we  can 
centrally  manage  routine  tasks,  and  IBM  PowerExecutive™ 
calibrates  cooling  and  system  processing  to  optimize 
power  usage.  Helping  save  time  and  money. 

_I  am  Ned.  I  am  so  money. 


IBM.COM/TAKEBACKCONTROL/BLADE 
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Is  Good 


Everyone  complains  about 
information  security  but  no 
one  does  anything  about  it. 
However,  if  breaches  begin  to 
exact  a  financial  penalty,  that 
surely  will  change. 
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Washington  Bureau  Chief  Allan  Holmes’s  “Bad  Neighborhood,”  on  Page  66,  is  a 
creepy  story  about  how  the  bad  guys  increasingly  are  targeting  resource-strapped 
mid-market  companies  for  their  hacks  and  scams.  In  other  words,  the  view  from  the 
security  window  is  growing  darker  for  every  enterprise,  big,  small  and  in-between. 

This  won’t  come  as  a  surprise  to  anyone  who  pays  even  the  slightest  attention  to 
security  issues.  When  has  there  ever  been  any  good  news?  When  have  you  ever  read 
that  the  forces  of  evil  are  on  the  run,  that  the  good  guys  are  gaining  the  upper  hand, 
that  the  Internet  is  becoming  a  more,  not  less,  secure  place  to  do  business? 

Holmes  points  out  that  the  situation  is  par¬ 
ticularly  dire  in  the  mid-market  where,  citing 
our  2006  “Global  State  of  Information  Secu¬ 
rity”  survey  {www.cio.  com/091506),  he  notes 
that  “about  43  percent  of  mid-market  com¬ 
panies  have  annual  security  budgets  below 
$100,000,”  which  ain’t,  all  things  considered, 
a  lot.  His  story  goes  on  to  offer  tips  on  what 
mid-market  CIOs  can  do  to  shore  up  security 
given  their  limited  budgets. 

But  the  truth,  as  evidenced  by  January’s 
revelation  that  big-market  retailer  TJX  was 
hacked,  is  that  the  security  situation  is  dire  everywhere.  As  Holmes  reports  in  CIO’s 
“Information  Collective”  blog  ( blogs.cio.com ),  “more  than  100  million  identities  have 
been  stolen  or  exposed  since  February  2005.” 

So  is  there  any  good  news  on  the  horizon,  any  indication  that  this  endless  parade 
of  breaches  can  be  halted  or  even  slowed? 

Ironically,  the  TJX  hack  is  the  good  news.  Several  Massachusetts  banks  have  been 
able  to  link  fraudulent  credit  card  purchases  directly  to  the  TJX  breach— the  first  time 
this  has  happened.  And  why  is  that  good?  Because  once  losses  can  be  linked  to  specific 
breaches,  lawsuits  can  be  filed  claiming  damages.  And  once  lawsuits  are  filed,  the  ROI 
of  investing  in  security  suddenly  becomes  blindingly  obvious. 

It’s  like  in  the  NBA.  In  order  for  a  team  to  improve,  first  it  has  to  get  really  bad  so 
that  it  gets  a  shot  at  a  game-changing  draft  pick.  In  order  for  security  to  improve, 
business  has  to  suffer. 

Several  years  ago,  CSO  Senior  Editor  Scott  Berinato  wrote  a  story,  “Finally,  a  Real 
Return  on  Security  Spending”  {www.cio. com/021502),  in  which  he  suggested  that  “the 
insurance  industry  in  all  likelihood  will  be  the  engine  that  drives  the  technology  of 
security.  Software  vendors  will  be  forced  to  fix  the  holes  in  their  products  in  order  to 
benefit  from  lower  premiums.” 

As  long  as  a  business  feels  it’s  done  all  it  can  by  advising  customers  (as  TJX  did)  to 
check  their  credit  card  statements,  nothing  will  change. 

But  a  punch  in  the  wallet:  Now  that  ought  to  focus  an  enterprise’s  attention. 

David  Rosenbaum,  Editor 

drosenbaum(a)cio.com 
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TURN  FOR  THEIR  IT  NEEDS? 

TO  THE  BIGGEST  IT  COMPANY  YOU’VE  PROBABLY  NEVER  HEARD  OF... 


Presenting  Tata  Consultancy  Services,  TCS,  the  creator  of  the  Network  Delivery  Model 
for  software  development.  For  over  37  years  TCS  has  been  the  provider  of  choice  for 
hundreds  of  customers  around  the  globe,  including  seven  of  the  top  ten  FORTUNE  5 1 00 
companies.  TCS,  with  revenues  of  $2.97  billion  in  FY  2005/06,  serves  its  customers 
with  over  78,000  expert  associates  from  60  countries  around  the  globe,  including 
10,000  employees  in  50  locations  throughout  the  U.S. 

It’s  time  you  got  to  know  the  biggest  IT  company  you’ve  probably  never  heard  of. 
For  a  more  complete  introduction,  email  marketing@usa-tcs.com  or  visit  us  online 
at  www.tcs.com. 
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Bricklayers  "fl"  Us 

If  we  don’t  change  our  education  system,  that’s  our  future 

Tom  Friedman  is  right.  Our  world  is  flat.  And  it’s 
getting  flatter  all  the  time— especially  for  us. 

“Tough  Choices  for  Tough  Times,”  a  new  report  from 
the  National  Center  on  Education  and  the  Economy 
(largely  funded  by  the  Annie  E.  Casey  Foundation,  the 
Bill  and  Melinda  Gates  Foundation,  the  William  and 
Flora  Hewlett  Foundation  and  the  Lumina  Foundation 
for  Education),  says  that  unless  America  changes  how 
it  educates  its  citizens,  our  economy  will  be  flattened— 
KO’d— by  more  educated  ones. 

The  report  claims  that  “the  core  problem  facing  America  is  that  our  education  and 
training  systems  were  built  for  another  era.”  Like,  say,  the  19th  century. 

Those  systems  built  America  into  the  20th  century’s  supereconomy  but  they  won’t 
work  in  the  21st  century,  where  we  will  be  competing  with  newer,  more  nimble,  more 
educated  economies  that  do  not  have  our  last-century  look  and  baggage. 

One  of  my  favorite  vignettes  from  Friedman’s  best-selling  The  World  Is  Flat  is 
the  one  in  which  he  interviewed  the  mayor  of  a  Chinese  city  (there  are  23  cities  with 
1  million  or  more  residents  in  the  People’s  Republic;  there  are  only  nine  in  the  United 
States)  who  told  him  that  while  Chinese  workers  are  content  today  to  be  the  “brick¬ 
layers”  of  the  global  economy,  their  aspiration  is  to  become  its  “architects.”  With 
China  now  producing  nearly  five  times  as  many  science,  technology,  engineering 
and  math  graduates  as  the  United  States,  it  won’t  be  long  before  that  aspiration  is 
realized.  And  unless  Washington  seriously  considers  the  findings  of  “Tough  Choices 
for  Tough  Times,”  it  won’t  be  long  before  we  become  the  bricklayers. 

The  report  offers  a  10-step  program  for  upgrading  America’s  education  system  to 
21st-century  global  standards.  One  of  its  more  provocative  suggestions  is  this:  Train 
and  deploy  a  teaching  force  recruited  from  the  top  third  of  the  high  school  students 
going  to  college  each  year,  our  nation’s  best  and  brightest. 

This  report  is  not  just  another  product  of  Washington’s  think  tanks,  all  gloom  and 
doom.  It’s  important  that  we  invest  in  changing  the  way  we  educate  our  citizens. 

As  the  report’s  title  says,  these  are  tough  choices  for  tough  times.  Write  to  me  at 
gbeach@cio.com  and  I’ll  send  you  a  copy  of  the  report. 


gbeach@cio.com 
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ADVERTISEMENT 


Performance,  Reliability, 
System  Health 

Strategic  IT  Approaches  to  Business  Growth 


You  think  strategically  about  supply  chain 
management,  SO  A,  virtualization  and  so  on.  But 
are  you  thinking  strategically  about  the 
performance  reliability  and  health  of  the  systems 
your  business  depends  on? 

At  the  very  core  of  business  activity  are  the  systems  and 
processes  used  to  achieve  day-to-day  production.  Any 
stop,  slow  or  difficulty  on  this  line  is  unacceptable  in 
achieving  business  goals. 

With  strategic  projects  looming  on  the  horizon,  IT 
cannot  afford  to  be  stuck  in  "break-fix"  mode,  handling 
user  help  desk  calls  and  doing  simple  manual 
maintenance  tasks  just  to  keep  productivity  going.  With 
the  shortage  in  IT  staff,  the  ones  you  have  need  to  be 
utilized  to  complete  your  projects. 

A  more  strategic  approach  to  system 
performance  and  reliability  is  needed. 

Increase  user  productivity. 

A  slow  system  equals  lost  productivity.  Even  waiting  5 
extra  seconds  every  time  users  open  a  Word  document 
can  cause  hundreds  of  hours  in  lost  production. 
Perform  automatic,  real-time  system  maintenance  to 
increase  performance  and  reliability. 

Gain  IT  staff  time  for  more  important  projects 

Crashes  and  system  freezes;  slow  boot  times  and  boot 
failures;  slow  back  up  times  and  aborted  backup;  file 
corruption  and  data  loss;  hard  drive  failures  all  waste 
valuable  IT  staff  time.  Handle  the  major  cause  of  these 
problems  automatically  and  use  these  freed-up  IT  staff 
for  key  business  projects. 

Increase  stability  of  new  implementations 

Having  gone  live  and  implemented  a  new  project,  it 
would  be  a  shame  to  have  it  be  slow  and  sluggish  with 
resulting  user  complaints!  Keep  new  implementations 
running  at  peak  performance  -  automatically. 

Improve  customer  service  and  support  -  globally 

"Service"  is  the  watchword  for  any  successful  company. 
Thus  anything  that  keeps  a  customer  waiting  or  un¬ 
serviced  can  be  a  death  sentence  for  a  business.  Increasing 
server  uptime  improves  service  to  a  customer.  Keep 
servers  performing  at  peak  and  reliably  automatically. 


Take  some  much  needed  planning  time 

With  customers  happier,  users  more  productive,  the  IT 
department  humming  along  with  increased  efficiency, 
use  this  "bought  time"  to  plan  -  collaborate  more  with 
the  business  side  on  what  IT  can  do  to  improve  business. 

Diskeeper®  2007 

Maximizing  performance  and  reliability  -  Automatically 

With  Diskeeper  installed  systems  run  better  -  period! 
Slows  disappear,  crashes  and  hangs  are  a  thing  of  the 
past,  customers  and  users  are  happier  and  staff  get  more 
done.  And  best  of  all,  performance,  reliability  and  disk 
health  are  all  increased  automatically,  in  real  time  with 
no  drain  on  system  resources.  Diskeeper  uses  innovative 
technology  to  run  undetectable,  in  the  background  and 
keep  your  systems  running  at  peak  24/7. 

Strategically  speaking,  every  system  performing  at  peak  is 
the  basic  building  block  from  which  to  enable  business 
growth  -  Diskeeper  installed  company- wide  provides  this. 

Do  you  have  Diskeeper? 

Chances  are  likely  that  you  have  Diskeeper  installed  on 
at  least  some  of  the  systems  within  your  company. 
These  desktops,  laptops  and/or  servers  are  being 
maintained  at  peak  performance  and  reliability  -  all 
automatically,  quietly  and  with  no  intervention 
required  from  users  or  IT  staffers. 

Contact  your  IT  Director  and  find  out  if  you  have 
Diskeeper  (if  not  he  can  download  a  free  trial  at 
www.diskeeper.com/cio3).  Ask  "Why  isn't  Diskeeper 
on  every  system?"  If  he  is  on-the-ball,  he'll  say  "we  are 
on  to  it  right  away!" 


For  more  info  or  for  full  technical  white  papers  visit: 

www.diskeeper.com/cioresources 


Maximum  System  Performance  and  Reliability  —  Automatically 1M 


Volume  licensing  and  Government/ Education  discounts 
are  available  from  your  favorite  reseller  or  call 
800-829-6468  code  9261 


©  2007  Diskeeper  Corporation.  All  Rights  Reserved.  Diskeeper,  the  Diskeeper  Corporation  logo  and  Maximum  System  Performance  and 
Reliability  —  Automatically  are  either  registered  trademarks  or  trademarks  of  Diskeeper  Corporation  in  the  United  States  and/ or  other 
countries.  Diskeeper  Corporation,  7590  N.  Glenoaks  Blvd.,  Burbank,  CA  91504 
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The  HP  BladeSystem  c-Class,  powered  by  the  Dual-Core  Intel®  Xeon®  Processor,  gives  your  IT  department  the  freedom  to 
spend  less  time  on  day-to-day  operations  so  they  can  focus  more  time  on  pursuing  innovations  for  the  company.  The  HP 
BladeSystem  comes  equipped  with  features  like  Virtual  Connect  Architecture,  which  virtualizes  LAN/SAN  settings  and 


drastically  improves  IT  response  times  and  service  levels.  Just  imagine  the  possibilities  when  you  set  IT  free. 


Call  1-877-726-8112 
Visit  hp.com/go/setlTfree25 
Find  a  reseller:  hp.com/go/ reseller 


HP  BladeSystem  c7000  Enclosure  with 
BL460c  and  BL480c  server  blades 


When  he  has  the  time, 

Pete  works  on  his 
idea  for  an  application 
that  would  allow 
seamless  collaboration 
between  offices. 

But  he  spent  most  of 
today  riding  in  the 
elevator  between  his 
office  and  the  data  center. 

Set  IT  free 


pete  ANDERSON 

IT  SPECIALIST 


Dual-Core  is  a  new  technology  designed  to  improve  performance  of  multithreaded  software  products  and  hardware-aware  multitasking  operating  systems  and  may  require  appropriate  operating  system  software  for  full  benefit;  check 
with  software  provider  to  determine  suitability;  not  all  customers  or  software  applications  will  necessarily  benefit  from  use  of  this  technology.  Intel's  numbering  is  not  a  measurement  of  higher  performance.  Intel,  the  Intel  Logo.  Xeon 
and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  The  information  contained  herein  is  subject  to  change  without  notice  ©2007  Hewlett-Packard 
Development  Company,  L.P. 
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Kudos 

I  am  a  CIO  at  a  Fortune  150  company.  I 
moved  into  my  current  role  about  a  year 
ago  after  spending  most  of  my  career  on 
the  business  side  of  my  organization. 

As  you  can  imagine,  I  get  bombarded 
with  different  IT- related  periodicals,  news¬ 
letters  and  e-mails.  There  is  not  enough 
time  to  read  all  the  material  I  receive,  so 
I  have  to  be  selective.  I  have  been  reading 
CIO  consistently  for  a  year  now,  and  I  have 
to  tell  you  that  it  is  by  far  the  most  valu¬ 
able  industry  periodical  that  I  read.  Your 
articles  always  seem  to  hit  on  very  relevant 
topics  and  are  written  in  an  interesting  and 
informative  way.  Your  Dec.  1  issue  is  a  great 
example  of  this.  The  article  on  enterprise 
architecture  and  how  to  implement  SOA 
[“The  Four  Stages  of  Enterprise  Architec¬ 
ture”]  and  the  one  on  vendor  management 
[“The  ROI  of  Nice”]  were  very  timely  for  me 
and  provided  a  great  framework  for  evalu- 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
ietters@cio.com.  Letters  may  be  edited 
for  length  or  clarity.  For  a  link  to  the  articles 

mentioned,  go  to  www.cio.com/archive 

cio.com 


ating  both  of  these  topics.  They  provided 
me  with  practical  information  that  I  could 
use  immediately. 

Please  keep  up  the  good  work.  I  rely 
on  your  publication  to  supplement  my 
knowledge  and  be  effective  in  my  job. 

GREGOBERLAND 

CIO,  Northwestern  Mutual 

On  an  Even  Keel 

Just  wanted  express  my  enjoyment  of 
the  Windows  vs.  Linux  vs.  OS  X  article 
[“The  Great  OS  Experiment,”  Dec.  1].  I’m 
a  rather  avid  Mac  enthusiast  (though  I 
carry  a  T40  for  work,  and  run  some  analy¬ 
sis  software  on  a  Linux  box),  but  I  found 
your  article  very  balanced  and  a  nice  read. 
I  think  this  is  one  of  the  few  articles  I  have 
read  that  really  gives  each  platform  a  fair 
chance,  plus  your  second  opinion  expert 
gave  the  piece  real  credibility  rather  than 
the  FUD  that  is  usually  thrown  around 
when  you  get  a  platform  showdown. 

MATTHEW  K.  HARRISON 

Cummings  Bay  Capital 

Architecting  the  Next  Step 

Regarding  “The  Four  Stages  of  Enter¬ 
prise  Architecture”  [Dec.  1],  in  many  (if  not 
most)  organizations,  architecture  remains 
an  undervalued  skill.  The  introduction 
of  a  service-oriented  architecture,  to  my 
mind,  really  means  two  things: 

1.  The  business  must  be  architected 
as  much  as  data,  applications  and  infra¬ 
structure.  In  a  way,  some  of  the  flexibility 
sought  is  because  we  don’t  architect  the 
business  properly.  The  business  consists 
of  components,  modules  and  so  on,  and 
someone  needs  to  structure  these  things 
in  a  way  that  suits  the  organization  the 
best— that  is,  architect  them. 

2.  As  for  the  IT  side  of  things,  we  must 
just  do  the  things  we  have  always  said 


were  important  and  architect  all  our  criti¬ 
cal  components  and  optimize  this  archi¬ 
tecture.  That’s  the  whole  purpose  of  the 
architecture.  This  is  nothing  new,  we  must 
just  do  it! 

So,  if  we  want  to  use  the  SOA  band¬ 
wagon,  I  don’t  mind,  but  let’s  at  least  be 
clear  why  we  are  doing  it.  Let’s  architect 
both  the  business  and  IT  and  optimize  it 
for  the  organization  in  question. 

THOMAS  DIRKSE 

IT  Consultant 

Less  Is  More? 

I'm  struggling  with  the  approach  of 
adding  more  tools  to  fix  problems  that 
are  generated  from  having  too  many  tools 
[“Knowledge  Management  2.0,”  Dec.  1], 
After  recently  experiencing  a  significant 
cultural  transformation  at  our  company, 
I  am  far  more  focused  on  root  cultural 
issues  of  communication  and  ownership 
rather  than  throwing  more  “knowledge 
management”  tools  on  top  of  already 
stressed  internal  “systems.” 

If  I  had  to  read  5,000  blogs  to  find  out 
what  was  going  on  in  my  company,  I  would 
probably  never  leave  my  office  and  talk  to 
anyone  because  I  was  too  busy  reading 
about  what  was  going  on!  There  is  a  big¬ 
ger  issue  at  the  heart  of  corporate  culture 
transformation.  Webpages  and  blogging 
won’t  address  it. 

STEVE  ROMEO 

Director  of  IT 
Breg/Orthofix 

CORRECTION 

In  our  Jan.  1  story  “Something  New”  [The 
Innovation  Agent],  we  misinterpreted  a 
statement  by  Calico  Corners  CIO  Janet 
Sherlock.  Calico  Corners  does,  in  fact,  sell 
out  of  its  retail  stores.  We  apologize  for  any 
confusion  this  has  created. 
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3PAR  THIN  PROVISIONING 

Good  for  your  business. . . 
Carbon  neutral  for  the  planet 


FEWER  DISK 
DRIVES 


REDUCED 

ENERGY 


FEWER  CARBON 
EMISSIONS 


For  every  terabyte  of  disk  drives  sold  with 
3PAR  Thin  Provisioning  in  2007,  3PAR  will 
purchase  the  carbon  credits  to  offset  the 
emissions  of  one  terabyte  of  disk  drives. 
The  result:  carbon  neutral  storage. 


3PAR  Utility  Storage  with  Thin  Provisioning  is 

revolutionizing  the  mission-critical  data  center. 
3PAR  customers  can  buy  half  the  storage 
capacity  required  with  traditional  storage  arrays, 
reducing  capital  costs,  energy  consumption  and 
carbon  emissions. 


Learn  more  about  3PAR  Thin  Provisioning  and  the  Carbon  Neutral  Program  at  www.3par.com/green 
or  contact  us:  salesinfo@3pardata.com  or  1-888-3PAR-226  extension  2. 


3  PAR 

Serving  Information 


Think  Thin.  Think  Green.  Think  3PAR. 


ENTERPRISE  INTELLIGENCE  PLATFORM 

DATA  INTEGRATION 

INTELLIGENCE  STORAGE 

BUSINESS  INTELLIGENCE 

ANALYTICS 


Challenged  with  balancing  efforts  to  support  strategic  initiatives  while  still  lowering  operational 
costs?  SAS  takes  you  beyond  traditional  Bl  query  and  reporting  to  a  higher  level  of  shared 
decision  making  that  drives  innovation.  Our  fully  integrated  Enterprise  Intelligence  Platform  sets  the 
foundation,  linking  technologies  for  data  integration  and  storage,  reporting  and  analysis.  Proven 
software,  industry-specific  solutions  and  domain  experience  extend  the  value  of  your  investment. 
Bridging  the  gap  between  what  you  have  -  growing  expectations  to  deliver  a  return  on  investment 
-  and  what  you  want  to  achieve  -  increased  profits,  reduced  risk  and  improved  performance. 

Want  Proof?  Find  out  why  SAS  is  at  work  in  96  of  the  top  100  companies  on  the  FORTUNE 
Global  500"  —  with  customer  retention  rates  exceeding  98%  annually  for  30  years. 

f  www.sas.com/innovation  ■  Free  white  paper 
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SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  of  their  respective 
companies.  ©  2006  SAS  Institute  Inc.  All  rights  reserved.  378042US.0406 
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A  Passage  to  India 


globalization  One  of  the 

mantras  reverberating  through  the 
halls  of  America’s  universities  is  that 
business  is  global.  But  what  does 
that  really  mean?  That’s  what  25 
MBA  students  from  Babson  College 
in  Wellesley,  Mass.,  set  out  to  learn 
when  they  traveled  to  India  in  Janu¬ 
ary.  (Full  disclosure:  My  wife  was 
one  of  them  and  I  traveled  along.)  On 
their  two-week  trip  they  met  with 
business  leaders  and  politicians,  and 
even  visited  a  Bollywood  movie  set. 

“The  world  really  is  flatter,”  says 
Jessica  Yang,  one  of  the  students. 

One  reality:  Yang  and  an  increasing 
number  of  U.S.  managers  will  have  to 


interact  with  employees,  outsourcers 
or  customers  in  India.  These  students 
gained  communication  skills  and  cul¬ 
tural  insights.  Such  lessons  included 
simple  things  like  facial  gestures  that 
say  “no”  to  Americans  may  mean 
nothing  to  Indians,  and  an  under¬ 
standing  that  many  people  in  India 
are  taught  to  say  yes,  not  no. 

Despite  fiber-optic  cable  that  lets 
work  pass  between  countries  in  no 
time  at  all,  the  differences  in  daily  life 
between  India  and  the  United  States, 
the  class  learned,  are  vast. 

For  all  the  talk  about  India  as  a 
technology  capital,  the  country  itself 
is  surprisingly  Continued  on  Page  18 


Delhi:  Not  as  high-tech  as  you  think 
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Daylight-Saving  Change  Requires  Easy  Fixes 


bug  alert  Don’t  hit  the  snooze  button  on  this  one,  IT 
managers:  Daylight-saving  time  has  moved  up  in  2007,  from 
the  first  Sunday  in  April  to  the  second  Sunday  in  March,  and 
lasts  longer,  until  the  first  Sunday  in  November.  The  change 
could  affect  some  IT  systems,  though  this  issue  certainly 
doesn’t  approach  the  scope  of  Y2K.  What  do  you  need  to 
check?  For  starters,  databases  (including  financial  and  pay¬ 
roll)  and  calendar  applications  may  require  updates. 

Major  vendors,  such  as  Microsoft,  Novell  and  IBM,  are 
alerting  customers  via  their  websites  of  system-related 
issues  that  they  may  face  after  the  daylight-saving  exten¬ 
sion— a  result  of  the  U.S.  Energy  Policy  Act  of  2005— takes 
effect. 

Microsoft  says  almost  a  dozen  of  its  prod¬ 
ucts  will  be  affected,  including  Outlook. 

Problems  could  arise  with  Microsoft’s 
calendar  and  scheduling  applica- 
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tions,  date  and  time  calculations  and  transaction  logging. 
Java-based  applications  and  punch-clock  systems  may 
also  be  affected,  says  Vince  Zambo,  a  technology  specialist 
at  CDW.  Some  older  punch-clock  systems  may  need  to  be 
replaced,  he  says. 

To  avoid  system  interruptions,  IT  departments  should 
check  their  software  vendors’  websites  for  fixes. 

“Ninety  percent  of  [the  fixes]  are  going  to  be  handled 
through  simple  patches,  and  some  of  the  fixes  will  be  auto¬ 
mated  through  updates,”  Zambo  says. 

Also  review  physical  plant  and  security  systems,  advises 
risk  mitigation  firm  Lee  Technologies:  You  may  need  firm¬ 
ware  updates  for  fire  panels,  UPS  units  and  genera¬ 
tor  control  systems,  or  patches  for  building 
management,  security  and  monitoring 
systems  running  on  Windows  or 
Linux.  -Katherine  Walsh 
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Find  Contacts 
In  the  Next  Cube 


relationship  management  If  you’re  in  a  service- 
oriented  industry  like  law,  banking  or  consulting,  it  may  be  time  to  take 
a  fresh  look  at  enterprise  relationship  management  (ERM)  software. 
Less  well-known  than  its  KM  and  CRM  cousins,  ERM  helps  profes¬ 
sionals  looking  to  drum  up  new  business  avoid  the  office-wide  e-mail 
plea  for  contacts  at  target  organizations.  Instead,  ERM  quickly  reports 
whether  a  colleague  next  door  or  across  the  country  can  connect  you. 

To  avoid  missing  potentially  profitable  connections,  Sheppard  Mul- 
lin,  an  AmLaw  100  firm  with  offices  throughout  California,  installed 
an  ERM  system  from  Contact  Networks.  The  firm,  which  has  nearly 
500  attorneys,  also  has  offices  in  New  York  and  Washington,  and  plans 
to  open  its  first  international  office  in  March.  The  expansion  “further 
increases  the  challenge  of  finding  out  who  knows  whom,”  says  CMO 
Victoria  Spang. 

When  an  attorney  queries  the  system,  the  software  tracks  e-mail 
patterns  to  detect  relationships,  ranks  relationships  according  to  their 
perceived  strength  and  then  reports  which  attorneys  have  contacts.  It’s 
up  to  the  attorneys  to  decide  what  happens  next. 

The  law  firm  does  not  provide  names  or  contact  information  directly, 
though  it  could.  (Contact  Networks  lets  customers  set  the  level  of 
privacy.)  The  software  can  search  address  books,  calendars,  e-mail 
and  the  like.  Sheppard  Mullin’s  marketing  and  IT  departments  opted 
for  the  highest-privacy  option.  Sheppard  Mullin  also  rejected  some 
hosted  ERM  options  because  it  didn’t  want  to  export  information 
beyond  its  firewall. 

Another  key  benefit  of  Contact  Networks’  product:  No  one  has  to 
update  data.  Unlike  typical  KM  and  CRM  programs,  the  application 
maintains  and  updates  information  itself. 

"It  helps  us  leverage  our  relationship  capital  with  little  human 
intervention,"  Paulson  says.  -Sara  Shay 


Can  You  Browse  Me  Now? 

All  the  talk  about  cell  phone  Web  applications  kind  of  reminds  you  of  the 
e-commerce  bubble  days,  doesn’t  it?  According  to  a  recent  comScore 
Networks  survey,  here's  what  U.S.  wireless  users  are  actually  doing  with 
their  cell  phones  today: 


50% 

30% 

17% 


subscribe  to  text-messaging  services 

subscribe  to  e-mail 

subscribe  to  Internet 

Of  that  17%  using  the  Net  via  the  phone,  35%  do  so  to  get 
ring-tone  downloads;  34%  seek  out  weather,  29%  get  news, 
25%  want  sports  info,  24%  use  local  search  and  21%  want  games; 
10%  say  they’re  paying  bills  this  way,  and  6%  are  shopping. 

SOURCE:  comScore  Networks 


Passage  to  India 

Continued  from  Page  17 
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low-tech.  The  airports  are  old,  the  big 
cities  dusty,  and  cows  wander  around 
the  streets,  even  in  tech  hubs  like  Ban¬ 
galore.  The  latter  makes  the  traffic- 
five  lanes  of  scooters,  cars,  trucks  and 
auto-rickshaws  somehow  squeezed 
onto  a  two-lane  road— all  the  more  har¬ 
rowing.  (Someone  in  the  United  States 
certainly  wouldn’t  want  to  gripe  about 
his  commute  to  a  coworker  in  India, 
who  typically  commutes  90  minutes 
each  way  in  this  traffic  maze.) 

“It’s  hard  to  know  how  a  culture 
does  business  without  actually  know¬ 
ing  the  culture,”  says  Jason  Spaulding, 
who  is  working  for  IBM  while  finishing 
school. 

While  a  largely  rural  voting  base 
doesn’t  approve  public  infrastructure 
projects  like  airports  and  roads,  private 
infrastructure  is  another  story,  the 
class  learned  when  meeting  the  India- 
based  executives  of  a  U.S.  financial 
services  company.  The  company,  whose 
Indian  headquarters  are  inside  a  mod¬ 
ern  glass  building  with  desks  and  con¬ 
ference  rooms  that  could  be  mistaken 
for  any  U.S.  office,  has  been  steadily 
shifting  high-end  IT  and  business  ana¬ 
lyst  jobs  to  India. 

The  executives  said  it  was  easier  to 
find  the  skills  they  needed  in  India,  but 
the  students  weren’t  biting.  The  skep¬ 
ticism  only  grew  when  they  learned 
what  the  company  paid  to  operate  in 
India:  about  $6,800  a  year  in  salary 
for  an  entry-level  IT  person  and  a  little 
more  than  a  dollar  a  square  foot  for 
rent  in  the  brand-new  office  building. 

After  the  meeting  the  students  all 
seemed  to  agree  that  the  cost  arbitrage 
was  the  real  reason  the  work  was  shift¬ 
ing— and  one  that  would  be  impossible 
to  ignore  when  they  graduate.  Those 
salaries,  low  by  U.S.  standards,  are 
fueling  India’s  middle  class. 

“I  feel  like  I  came  face-to-face  with 
the  reality  of  globalization,”  Yang  says. 

-Ben  Worthen 
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MULTIPLY  PROCESSING  PERFORMANCE 
AND  MAXIMIZE  RESPONSIVENESS. 


•Intel  internal  measurement  using  SPGCint_rate_Dase2000“  comparing  Intel  Xeon  E534S  to  Intel  Xeon  5160  For  more  information  visit  intel  com/performance  02007  Intel  Corporation  Intel,  the  Intel  logo,  mtel  Core, 
the  Intel  Core  logo.  Xeon,  Xeon  inside,  Intel.  Leap  ahead.,  and  the  Intel.  Leap  ahead,  logo  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  Ai;  rights  reserv  ■ 


Leap  ahead” 


THE  WORLD'S  FIRST  QUAD-CORE  PROCESSOR  FOR  MAINSTREAM  SERVERS. 

Multiply  your  possibilities  with  the  new  Quad-Core  Intel®  Xeon®  Processor  5300  series.  Delivering  up  to  50% 
more  performance*  within  the  same  power  envelope  than  previous  Xeon  processors,  64-bit  capable  Quad-Core 
Intel  Xeon  Processor  is  the  ultimate  in  powerful,  dense  and  reliable  computing.  Learn  more  at  intel.com/xeon 
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Telecommuting  Gets  a  Bad  Rap 


your  workforce  Given  today’s  affordable 
laptops,  sophisticated  enterprise  networks  and  widely 
available  home  broadband,  shouldn’t  working  from  the  office 
have  become  old-fashioned  by  now? 

It  turns  out  most  U.S.  workers  (70  percent)  still  commute 
to  work  every  day,  while  just  2  percent  telecommute  full¬ 
time,  according  to  the  2006  National  Technology  Readiness 
survey.  The  U.S.  share  of  telecommuters  would  grow  to 
25  percent  if  it  were  practiced  by  everyone  who  had  the 
option  to  telecommute  and  had  the  kind  of  job  amenable  to 
telecommuting,  and  this  would  save  $3.9  billion  per  year  in 
fuel  costs,  the  survey  says. 

Of  course,  this  means  not  everyone  who  has  the  capability 
and  desire  to  telecommute  does  so.  The  most  obvious  rea¬ 
son:  Senior  management  at  many  organizations  still  doesn’t 
encourage  or  even  allow  the  practice. 

A  recent  survey  of  U.S.  government  managers  (conducted 
by  Telework  Exchange  and  the  Federal  Managers  Associa¬ 
tion)  found  that  only  35  percent  believe  their  agencies  sup¬ 
port  telecommuting,  despite  the  fact  that  Congress  passed  a 
law  in  2000  requiring  that  federal  agencies  offer  it. 
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In  addition,  a  Korn/Ferry  International  survey  revealed 
that  61  percent  of  executives  think  that  telecommuters  are 
less  likely  to  advance  in  their  careers  when  compared  with 
employees  who  work  in  the  traditional  office  setting.  In  other 
words,  too  much  telecommuting  can  be  a  career  killer. 

Paradoxically,  the  majority  (a  whopping  78  percent)  of 
respondents  said  that  telecommuters  are  either  as  produc¬ 
tive  as  or  more  productive  than  those  who  work  in  offices. 

Why  is  telecommuting  getting  a  bad  rap?  CIOs  don’t  even 
want  to  discuss  it  on  the  record.  “I’m  ‘old  school,’  and  I  sup¬ 
pose  I  really  prefer  environments  where  the  employee  base 
is  visible,  the  energy  level  can  be  felt  and  the  ideas  can  be 
heard  flowing  around  the  office,”  says  the  senior  vice  presi¬ 
dent  of  IT  at  a  midsize  hospitality  and  resort  lodging  com¬ 
pany,  who  didn’t  want  to  be  identified. 

At  the  crux  of  the  issue,  he  asserts,  are  trust  and  produc¬ 
tivity.  “Managers  have  to  trust  the  telecommuter's  work 
ethic  and  must  have  a  measurable  approach  to  productivity. 
Employees  have  to  recognize  [the  manager’s  needs],  and 
demonstrate  their  productivity  even  more  so  when  remote 
and  stay  engaged  with  the  rest  of  the  hive.”  -Thomas  Wailgum 


Dotcom  CIOs  Back  in  Demand 


career  IT  executives  who 
left  startups  after  the  Internet 
bubble  burst  in  2001  had  a 
tough  time  finding  new  posi¬ 
tions.  It  wasn't  just  the  anemic 
job  market:  The  widespread  per¬ 
ception  among  traditional  com¬ 
panies  was  that  candidates  from 
dotcoms  were  undisciplined 
managers,  profligate  spenders 
and  senseless  risk-takers. 

Six  years  later,  though,  a  stint  with  a  startup 
or  Internet  company  on  an  executive’s  resume 
no  longer  poses  a  handicap.  In  some  cases,  it 
offers  a  distinct  advantage.  Paul  Groce,  the 
partner  in  charge  of  recruiter  Christian  &  Tim¬ 
bers'  CIO  practice,  says  companies  are  look¬ 
ing  for  leaders  who  are  creative,  willing  to  take 
chances  and  can  grow  a  company— qualities 


and  capabilities  found  on  the 
resumes  of  dotcom  vets.  “Large 
corporations’  appetites  for  risk 
have  returned,  budgets  have 
returned,  and  consolidation  and 
cost  rationalization  has  been 
done,”  he  says.  The  skills  dot¬ 
com  executives  honed  during 
the  boom  are  back  in  demand. 

Says  Groce's  colleague  Jef¬ 
frey  Shapiro:  “Brick-and-mor- 
tar  companies  are  seeking  out  IT  execs  who 
were  successful  and  had  some  measure  of 
longevity  with  a  Yahoo  or  a  good  startup, 
and  who  can  bring  those  Internet,  e-com¬ 
merce  and  Web  development  skills  to  help 
them  make  a  more  compelling  offering  on 
the  Web.” 

Flere  are  a  few  former  dotcom  CIOs  who 


recently— and  successfully— parlayed  their 
skills  and  experience  into  new  roles: 

Ted  Cahall  assumed  a  new  position  at  AOL 
as  executive  VP  of  its  platforms  business  unit. 
Fie  most  recently  worked  for  Classmates.com 
as  its  COO  and  previously  for  CNET  Networks 
as  its  CIO. 

David  Chamberlain,  a  former  CIO  of  Dis¬ 
ney’s  Go.com  portal,  was  named  president  of 
National  Interop.  Fie  was  selected  for  his  expe¬ 
rience  with  large  Internet  operations. 

Tom  Pastorello  joined  apparel  manufac¬ 
turer  Kellwood  as  its  new  director  of  e-com- 
merce,  reporting  to  CIO  Michael  Saunders. 
Pastorello  previously  worked  for  Barnes- 
andnoble.com  as  its  director  of  program 
management  and  for  Williams-Sonoma, 
where  he  developed  and  implemented 
e-commerce  sites.  -Meridith  Levinson 


David 

Chamberlain 


Read  Meridith  Levinson’s  MOVERS  AND  SHAKERS  blog  for  the  latest  moves.  Find  it  at  blogs.cio.com. 
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the  more  reliability  matters. 

Fujitsu  ETERNUS®  Storage  Systems:  Uncompromising 
reliability  for  your  most  demanding  applications. 
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To  help  enterprises  manage  the  flood  of  mission-critical  data,  Fujitsu  ETERNUS  Storage  Systems  deliver  the 
reliability  and  availability  data  centers  require.  For  continuous  data  access  and  easier  maintenance,  major 
components  are  highly  redundant  and  hot-swappable.  The  controller  modules’  software  can  also  be  upgraded 
without  shutting  down  or  rebooting.  A  built-in  statistical  failover  mechanism  ensures  stable  operation  by  disabling 
components  exhibiting  intermittent  failures.  Furthermore,  disk  data  encryption  using  1 28-bit  AES  provides  security 
against  data  theft.  Go  to  us.fujitsu.com/computers/reliability3  for  more  information. 


DATA  PROTECTION — Online,  efficient  disk-to-disk 
backup  using  tiered  storage 
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DISASTER  RECOVERY — Cost-effective,  secure 
remote  data  replication  over  iSCSI 
with  IPsec  data  encryption 


THE  POSSIBILITIES  ARE  INFINITE 
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BlackBerry 
Addiction 
Starts  atthe  Top 


MANAGEMENT  REPORT  Do  yOUr 

employees  have  a  “Crackberry”  problem?  Their  com¬ 
pulsive  BlackBerry  monitoring  could  backfire  on  you: 
Checking  e-mail  via  BlackBerry  gives  employees  a 
sense  of  control  but  leads  to  more  stress,  according 
to  a  recent  study  from  the  MIT  Sloan  School  of  Man¬ 
agement  that  examined  BlackBerry  use  and  organiza¬ 
tional  behavior.  And  this  problem  starts  at  the  top. 

Ninety  percent  of  individuals  at  the  company  stud¬ 
ied  said  they  felt  some  degree  of  compulsion  in  their 
BlackBerry  use.  They  check  their  messages  not  only 
on  evenings  and  weekends,  but  also  at  church,  at  the 
gym,  at  the  doctor’s  office  and  even  at  social  gather¬ 
ings.  All  this  despite  the  fact  that  their  company 
doesn’t  require  them  to  be  on  call. 

The  problem:  Senior  employees  often  establish 
a  pattern  that  subordinates  adopt.  If  everyone  in  an 
organization  has  a  BlackBerry,  continuous  connec¬ 
tion  becomes  the  norm,  says  Wanda  Orlikowski,  who 
coauthored  the  study  with  fellow  Sloan  professor 
JoAnne  Yates. 

Companies  can  help  their  employees  control 
BlackBerry  compulsion  by  being  clear  about  what 
normal  hours  for  checking  and  responding  to  mes¬ 
sages  are,  says  coauthor  and  doctoral  student 
Melissa  Mazmanian.  “These  norms  and  expectations 
should  be  accompanied  by  training  that  enables  peo¬ 
ple  to  learn  how  to  batch  and  queue  their  messages 
so  that  they  can  work  on  e-mails  when  convenient, 
without  sending  them  out  until  later,”  she  says. 

Some  companies  try  to  prohibit  BlackBerry  use 
during  meetings.  Orlikowski  says  some  organiza¬ 
tions  require  BlackBerrys  to  be  left  in  a  box  outside 
the  meeting  room.  If  that  seems  too  rigid,  you  might 
schedule  breaks  to  allow  people  to  check  e-mails. 

Another  tip:  Use  header  codes  (such  as "  1”  for 
urgent,  “0”  for  no  response  needed)  to  save  time. 

-Margaret  Locher 


Gas  Pumps  of  the  Future 
Fill  Up  Your  Car  Stereo 


digital  music  MP3  files  have  proved  a  viable  means 
for  storing  and  listening  to  music  for  years.  Yet  many  believe 
society  has  only  scratched  the  surface  of  the  capabilities 
that  the  digital  files  hold  for  the  future  of  mankind.  Why,  for 
instance,  are  we  currently  living  in  a  world  where  you  can’t  fill 
up  your  automobile  with  gas  and  download  MP3s  to  your  car 
stereo  at  the  same  time? 

Finally  (thank  heavens!)  that  problem  is  being  addressed. 

At  the  Consumer  Electronics  Association  trade  show, 
Dresser  Wayne,  a  manufacturer  of  fuel  pumps,  displayed 
how  a  customer  could  use  a  Bluetooth-enabled  cell  phone  to 
download  MP3s  from  the  company’s  Ovation  iX  fuel  pump, 
then  transfer  the  music  to  a  Microsoft-enabled  stereo  system 
in  a  Lincoln  Navigator.  Dan  Harrell,  Dresser  Wayne’s  vice 
president  of  global  product  architecture,  says  the  company 
is  trying  to  capitalize  on  the  few  minutes  of  downtime  people 
spend  pumping  gas.  Dresser  Wayne  hopes  the  MP3  down¬ 
loading  will  be  the  first  step  toward  the  gas  pump  becoming 
an  Internet  access  station  where  drivers  can,  say,  check  the 
weather  and  run  automotive  diagnostics. 

“Most  of  us  drive  cars  and  once  or  twice  a  week,  we  spend 
four  to  five  minutes  at  the  fuel  dispenser,”  Harrell  says.  "What 
are  the  opportunities  in  that  time  frame,  when  we’re  usually 
wasting  time,  to  do  other  things?" 

You  won’t  be  downloading  tunes  this  way  in  time  for  your 
summer  vacation,  though.  Harrell  says  the  technology 
remains  at  least  three  years  away  from  any  sort  of  widespread 
commercial  viability. 

Meanwhile,  cellular  providers  like  Verizon  and  Cingular 
(as  well  as  car  stereo  manufacturers)  will  no  doubt  make  it 
increasingly  easier  to  download  music  directly,  without  the 
intervention  of  a  pump.  So  it  remains  to  be  seen  whether 
Dresser  Wayne’s  vision  will  ever  materialize. 

Our  suggestion  for  your  first  MP3  download?  A  line  in 
Styx’s  "Mr.  Roboto”  comes  to  mind:  “The  problem’s  plain  to 
see:  Too  much  technology.”  -C.G.  Lynch 
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YOU  KNOW  MY  NAME  IS  TRACY  GOOD. 
NOW  PLEASE  STOP  CALLING  ME  MRS.  JONES. 


LET  ACXIOM  HELP  YOU  SEE  MORE.  CLEARLY. 

How  well  you  know  your  customers  today  has  everything  to  do  with  tomorrow. 

That's  where  Acxiom  can  help.  As  the  global  leader  in  customer  data  integration, 
we  can  help  you  see  your  customers  more  accurately  than  ever  before,  which  enables 
you  to  develop  lasting  relationships.  We're  probably  helping  your  competitors  already. 
Find  out  how  we  can  help  you  today  at  www.acxiom.com  or  888-3ACXIOM. 
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My  Space  Lawsuits  Break  Legal  Ground 


net  law  MySpace.com  faces  a  new  round  of  lawsuits 
filed  in  January  alleging  that  it  failed  to  protect  minors. 
Experts  say  the  cases  will  enter  murky  legal  territory. 

Four  families  whose  underage  daughters  were  sexu¬ 
ally  assaulted  after  meeting  men  in  person 
whom  they  had  met  online  via  MySpace 
filed  separate  lawsuits  in  Los  Ange¬ 
les  Superior  Court.  Their  lawyers 
contend  MySpace  waited  too 
long  to  employ  security  mea¬ 
sures  to  protect  underage 
users. 

MySpace,  owned  by 
News  Corporation,  has 
upgraded  its  security  fea¬ 
tures  after  facing  criticism 
that  predators  could  use  the 
site  to  target  children.  The 
lawsuits  were  filed  the  same 
week  that  MySpace  said  it  would 
release  software,  called  Zephyr,  for 
parents  to  monitor  changes  in  their 
children’s  accounts. 

Some  of  the  issues  facing  MySpace  have  also 


confronted  operators  of  chat  rooms  and  message  boards. 
Yahoo  pulled  some  user-created  chat  rooms  in  June  2005 
after  it  found  content  that  violated  its  terms  of  use. 

Social  networking  sites,  like  message  boards,  aren’t 
bound  by  law  in  how  they  should  operate  or  what  security 
features  they  must  have,  says  Struan  Robertson,  senior 
associate  attorney  at  Pinsent  Masons,  a  U.K.  law  firm  that 
deals  with  technology  issues. 

Illegal  activity  is  banned  in  terms  of  use  agreements,  but 
it’s  up  to  the  sites  to  determine  how  to  prevent  it. 

The  lawsuits  against  MySpace  pose  legal  challenges 
given  a  lack  of  previous  cases,  says  Evan  D.  Brown,  an  IT 
attorney  with  Hinshaw  and  Culbertson  in  Chicago. 

At  least  two  U.S.  cases  suggest  MySpace  could  be  in 
the  clear.  In  February,  a  federal  court  in  Texas  dismissed 
a  similar  suit  filed  against  MySpace  by  a  teenage  girl’s 
family,  after  she  was  assaulted  by  a  man  she  met  via 
MySpace:  The  judge  ruled  that  the  company  was  pro¬ 
tected  by  the  Communications  Decency  Act  of  1996. 

Also,  in  2001,  Florida’s  Supreme  Court  rejected  a  neg¬ 
ligence  suit  where  a  mother  alleged  AOL  failed  to  close 
the  account  of  a  subscriber  who  used  a  chat  room  to  sell 
obscene  photos  of  her  son. 

-Jeremy  Kirk 


A  New  Seal 

WEB  SECURITY 

Microsoft  and  some  indus¬ 
try  partners  are  promot¬ 
ing  a  new  certification 
process  designed  to  make 
it  harder  for  phishers  to 
spoof  websites.  The  plan 
gives  third-party  certi¬ 
fication  authorities  like 
VeriSign  and  Entrust  more 
stringent  guidelines  for 
authenticating  websites. 

A  resulting  new  seal  of 
approval,  an  Extended 
Validation  Secure  Sockets 
Layer  (EV  SSL)  certificate, 
may  reassure  consum¬ 
ers  that  they  are  handing 
information  over  to  a 
legitimate  site. 

EV  SSL-certified  sites 


Fights  Phishers 


will  look  a  little  different 
from  today’s  secure  sites, 
which  typically  display 
a  small  “lock”  icon  in  the 
Web  browser. 

When  Internet  Explorer 
hits  part  of  a  website  that 
supports  the  EV  SSL  stan¬ 
dard,  the  address  bar  will 
turn  green.  Users  will  also 
be  able  to  see  the  country 
where  the  website  is  based. 

Websites  buy  these  EV 
SSL  seals  from  certifica¬ 
tion  authorities,  who  fol¬ 
low  the  company’s  paper 
trail,  for  example,  con¬ 
firming  it  has  a  legitimate 
address  and  control  of  the 
Web  domain  in  question. 

“If  you’re  a  company 


without  a  reliable  paper 
trail,  you’re  not  going  to 
get  one  of  these,”  says  Tim 
Callan,  a  product  manager 
with  VeriSign.  “If  you’re 
incorporated,  if  you’re  an 
LLP,  or  if  you’re  a  regis¬ 
tered  charity,  you  have 
nothing  to  worry  about.” 

VeriSign  has  been  offer¬ 
ing  EV  SSL  certificates 
since  Dec.  11  and  has  more 
than  300  businesses  going 
through  the  certification 
process. 

Wells  Fargo  has  helped 
develop  the  EV  SSL  stan¬ 
dard,  and  eBay’s  PayPal 
has  recently  gone  live  with 
EV  SSL  certificates  on  two 
of  its  sites. 


Still,  some  issues  must 
be  worked  out.  For  exam¬ 
ple,  will  smaller  sites  that 
haven’t  been  spoofed  be 
willing  to  buy  certificates? 
Also,  it’s  not  settled  how 
EV  SSL  will  deal  with 
international  character 
types,  or  with  two  com¬ 
panies  that  have  the  same 
name  but  operate  in  differ¬ 
ent  countries. 

According  to  Window 
Snyder,  head  of  security 
strategy  at  Mozilla,  the 
Firefox  team  will  probably 
wait  until  version  3.0  of  its 
browser  is  released  later 
this  year  to  support  the 
new  certificate  program. 

-Robert  McMillan 
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usiness 
decision 
makers  today 
are  dealing 
with  enormous 
volumes  of 
data,  which 
makes  it 
difficult  to  find, 
use  and  share  valuable 
information.  The 
information  explosion 
can  lead  to  significant 
productivity  drains,  with 
workers  spending  far 
too  much  time  looking 
for  what  they  need 
rather  than  doing  such 
tasks  as  developing  new 
products,  improving 
processes  or  better 
serving  customers. 

Fortunately,  IT  vendors 
are  developing  software 
solutions  designed  to 
help  organizations  gain 
control  over  the  growing 
volumes  of  information 
and  improve  business 
performance. 

INFORMATION  OVERLOAD 

The  large  and  growing  volume  of 
information  presents  significant  chal¬ 
lenges  for  many  organizations.  Work¬ 
ers  often  struggle  to  find  the  informa¬ 
tion  they  need  and  filter  out  what 


New  software 
tools  help 
organizations 
find,  use 
and  share 
information 
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they  don’t.  They  also  have  a  hard  time  making  sense  of 
the  information  they  gather,  and  sharing  this  informa¬ 
tion  with  coworkers,  customers  and  business  partners 
without  adding  to  the  information  overload. 

Massive  volumes  of  new  information  are  being 
produced  every  year.  Every  information  worker  is 
expected  to  generate  three  megabytes  of  new  content 
per  year,  according  to  the  University  of  California  at 
Berkeley;  this  volume  is  forecast  to  increase  more  than 
twenty-fold  between  2001  and  2008.  E-mail  alone 
generates  about  400,000  terabytes  of  new  information 
each  year  worldwide. 

The  number  of  sources  of  information  continues 
to  grow,  too,  and  increased  complexity  often  makes 
it  harder  to  analyze  data  and  convert  it  into  useful, 
relevant  information  that  can  help  people  make 
important  business  decisions. 

Searching  for  and  analyzing  information  can  take 
up  to  15  to  30  percent  of  the  typical  information 


SOFTWARE  SOLUTIONS 

Technology  vendors  are  beginning  to  provide  solutions 
that  meet  the  challenge  of  finding,  using  and  sharing  in¬ 
formation.  For  example,  Microsoft  is  rolling  out  a  range 
of  new  products  designed  to  transform  the  way  people 
leverage  information  in  the  workplace.  These  offerings 
include  Windows  Vista™  operating  system,  Microsoft® 
Office  SharePoint®  Server  2007  and  Microsoft  Office 
Outlook®  2007. 

Microsoft’s  portfolio  of  products  can  help  organi¬ 
zations  better  search  for  and  leverage  information 
throughout  the  enterprise.  The  emphasis  of  the  com¬ 
pany’s  technology  strategy  is  on  the  need  for  a  holistic, 
long-term  approach  to  information  management,  as 
opposed  to  a  search-only  approach. 

While  search  is  a  hot  topic  today,  it’s  just  the  begin¬ 
ning,  the  company  says.  Microsoft  offers  a  platform 
that  includes  enterprise  search  solutions  complement¬ 
ed  with  tools  for  using  and  sharing  information  easily 


“Faced  with  the  endless  deluge  of  data  that  is  generated  every  second  of  every  day,  how 
can  we  hope  to  keep  up?  And  in  the  struggle  to  keep  up,  how  can  we  stay  focused  on  the 
tasks  that  are  most  important  and  deliver  the  greatest  value?"  -BILL  CATES 


worker’s  time,  according  to  the  research  firm  IDC  in 
Framingham,  Mass.1  That  includes  spending  nine  and 
a  half  hours  per  week  searching  for  data  and  about 
the  same  amount  of  time  analyzing  information.  That 
equates  to  thousands  of  dollars  per  worker  each  year 
in  lost  productivity.  IDC  says  at  least  half  of  all  online 
searches  are  not  successful,  adding  to  the  productivity 
drain. 

“Faced  with  the  endless  deluge  of  data  that  is 
generated  every  second  of  every  day,  how  can  we 
hope  to  keep  up?”  said  Microsoft  Chairman  Bill  Gates, 
speaking  at  the  2006  CEO  Conference.  “And  in  the 
struggle  to  keep  up,  how  can  we  stay  focused  on  the 
tasks  that  are  most  important  and  deliver  the  greatest 
value?” 

The  growing  level  of  complexity  and  information 
overload  is  making  it  more  difficult  for  workers  to 
find,  use  and  share  information.  In  addition  to  the 
time  spent  searching  for  information,  people  have 
to  contend  with  multiple  systems  that  have  different 
interfaces,  requiring  multiple,  unrelated  search  tools. 

Furthermore,  there  are  differences  between  data 
management  tools  and  data  formats  that  hinder  work¬ 
ers’  ability  to  assimilate  information.  The  information 
that  is  accumulating  on  individual  computers  is  often 
disorganized  and  limits  data  availability.  And  the  abil¬ 
ity  to  share  information  is  hindered  by  an  inability  to 
easily  and  smoothly  exchange  data. 

Information  overload  is  driving  costly  investments 
in  information  technology.  AMR  Research  in  Boston 
says  better  utilization  of  data  was  the  single  most  im¬ 
portant  driver  of  IT  investment  among  manufacturing 
companies  in  2004,  ahead  of  managing  customers  and 
channels  of  distribution,  product  innovation  and  de¬ 
velopment,  and  lean  manufacturing. 


and  with  enhanced  security  features.  The  potential 
benefits  include  more  relevant  information,  increased 
productivity,  better  collaboration  and  integrated  data 
management. 

Windows  Vista  is  Microsoft’s  most  robust  and  se¬ 
cure  operating  system  to  date.  The  product  features 
a  new  user  interface  and  easier  ways  to  find,  search, 
share  and  organize  information. 

For  example,  a  sales  rep  at  an  accounting  firm  work¬ 
ing  on  a  project  for  a  financial  services  client  must 
deliver  a  proposal  within  hours.  Using  Windows  Vista 
search  technologies,  she  finds  on  her  firm’s  intranet  a 
proposal  template  tailored  to  financial  services  from 
a  SharePoint  document  repository,  a  directory  of  in¬ 
dustry  experts  within  her  firm,  a  list  of  clients  in  the 
financial  sector,  and  analyst  reports. 

From  the  Internet,  the  rep  finds  the  latest  news  and 
financial  information  about  the  client.  From  her  desk¬ 
top,  she  finds  previous  proposals  that  she  created  for 


Windows  Vista  Home  Premier,  Windows  Vista  Business  and 
Windows  Vista  Ultimate  offer  an  enhanced  desktop  experience, 
including  “glass”  borders  on  dynamic  windows  and  Windows  Flip, 
which  shows  live  thumbnails  of  open  windows  instead  of  generic 
windows  icons. 
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A  COLLABORATIVE  EFFORT 


Consultancy 

Ss  its 
ectual 
property  for 
customer  value 


AVANADE,  a  Seattle-based  technology 
consulting  firm,  recently  deployed 
the  Windows  Vista”  operating 
system,  Microsoft®  Exchange  Server 
2007  and  the  2007  Microsoft  Office 
system  to  take  advantage  of  increased 
collaboration  capabilities,  among  other 
benefits.  The  new  search  capabilities 
let  Avanade  employees  find,  use 
and  share  information  more  quickly 
and  easily-enabling  them  to  be  more 
responsive  to  customers. 

The  company  wanted  to  make 
it  easier  for  its  consultants  to 
access  documents,  regardless  of 
the  consultant’s  or  the  document’s 
location.  “Effectively  mining  the 
considerable  depth  of  Avanade 
intellectual  property  is  key  to  the 
efficiency  of  our  consultants  and  the 
value  we  can  deliver  to  our  customers,” 
says  Ryan  Sokolowski,  Microsoft  Early 
Adopter  manager  for  Avanade, 
a  joint  venture  between  Accenture 
and  Microsoft. 

But  the  consultants  might  work 
on  multiple  customer  engagements 
simultaneously,  Sokolowski  says,  and 
as  they  move  back  and  forth  between 
locations  “they  need  to  be  able  to  find 
and  share  information  with  each  other, 
collaborating  to  provide  better  service 
to  those  customers." 

The  firm  upgraded  from  Windows® 
XP  to  the  Windows  Vista  operating 


system,  from  Microsoft  Exchange 
Server  2003  to  the  Microsoft  Exchange 
Server  2007  communication  and 
collaboration  server,  and  from 
Microsoft  Office  Professional  Edition 
2003  to  the  2007  Microsoft  Office 
system. 

Avanade  piloted  the  Windows  Vista 
and  Microsoft  Office  system  upgrades 
on  an  opt-in  basis,  and  estimates 
that  more  than  500  employees  have 
adopted  the  new  solutions.  The  firm 
began  its  Exchange  Server  2007 
migration  in  June  2006  with  a  group 
of  131  people,  representing  a  cross- 
section  of  its  workforce.  Avanade  is 
also  conducting  a  pilot  implementation 
of  Microsoft  Office  SharePoint®  Server 
2007,  which  its  employees  use  to  share 
business  information  through  team 
sites,  document  work  spaces  and 
blogs. 

The  software  upgrades  have 
boosted  efficiency  in  all  areas  of  the 
company.  “For  us,  using  Windows 
Vista,  Exchange  Server  2007  and 
the  2007  Microsoft  Office  system 
is  about  working  better  together  to 
deliver  higher  levels  of  service  and 
functionality  to  meet  the  ‘always-on’ 
demands  of  our  customers,”  says 
Sokolowski. 

The  operating  system  and 
messaging  upgrades  give  Avanade 
consultants  on  the  road  improved 


wireless  networking,  synchronization 
and  management  of  mobility  settings. 
They’re  no  longer  limited  to  e-mail 
updates  when  working  together  on 
project  materials.  Consultants  can 
use  Microsoft  Office  Outlook®  Web 
Access  to  gain  direct  access  to  Office 
SharePoint  Server  2007  sites,  where 
they  can  download  shared  documents. 

“Easier  access  to  information 
from  virtually  anywhere,  improved 
search  capabilities  for  quickly  finding 
specific  information,  and  an  effective 
means  for  sharing  that  information 
are  uniting  our  distributed  workforce,” 
Sokolowski  says. 

Other  benefits  of  the  software 
upgrades  include  decreased  user 
dependence  on  IT,  which  allows 
the  IT  department  to  accomplish 
more,  thanks  to  easier  deployments, 
enhanced  security  management  and 
more  flexibility  for  data  backups. 

Avanade  anticipates  improved 
operational  efficiency  and  significant 
overall  savings  from  the  combination 
of  enhanced  access  and  search 
capabilities.  Office  SharePoint  Server 
2007  search  capabilities,  in  particular, 
allow  us  to  more  effectively  access 
communications,  expertise,  and 
line-of-business  information,” 
Sokolowski  says. 


other  clients.  From  a  customer  relationship  manage¬ 
ment  (CRM)  system,  the  rep  locates  a  history  of  all  past 
projects,  proposals  and  outcomes. 

In  the  past,  the  rep  would  have  had  to  rely  on  her 
own  previous  proposals,  so  there  was  little  or  no  shar¬ 
ing  of  best  practices.  Locating  industry  experts  would 
have  required  making  several  phone  calls  or  e-mails 
over  a  period  of  several  days.  She  would  have  spent 
several  hours  sorting  through  information  on  her 
desktop  computer,  and  likely  would  not  have  found 
useful  material  or  been  able  to  get  CRM  data  without  a 
lengthy  request  to  the  IT  department. 

After  a  quick  review  of  the  retrieved  information, 
the  rep  can  easily  populate  the  Microsoft  Word  pro¬ 
posal  template  with  industry  background,  client  in¬ 
formation  and  requirements.  She  could  then  retrieve 
a  preconfigured  Excel®  template  from  the  document 
repository  and  calculate  a  fee  quote  based  on  the 
requirements  in  the  RFQ.  Using  Microsoft  Office 
Outlook  Workflow,  she  could  easily  trigger  an  urgent 


approval  process.  Within  minutes,  the  rep  could  start 
receiving  replies,  and  the  proposal  could  be  reviewed 
and  approved  in  less  than  three  hours.  Previously,  the 
approval  process  might  have  taken  days. 

Windows  Vista*  includes  the  new  Windows  Aero™ 
user  experience,  which  features  a  transparent  glass 
look;  dynamic  windows  that  are  easy  to  find  even 
when  closed;  live  taskbar  thumbnails  that  reveal  the 
contents  of  current  windows;  Windows  Flip,  which 
shows  live  thumbnails  of  open  windows  instead  of  ge¬ 
neric  window  icons;  and  Windows  Flip  3D,  which  dy¬ 
namically  displays  all  open  windows  in  a  stacked  for¬ 
mat  and  shows  live  processes  such  as  a  playing  video. 

Windows  Vista  offers  several  new  and  enhanced 
search  tools.  The  Instant  Search  tool,  accessible  from 
almost  anywhere  in  Windows  Vista,  enables  searching 
by  file  name,  properties  or  text  within  a  file,  and  ranks 
results  based  on  current  activity.  The  Search  Pane  in 
all  Windows  Vista  Explorers  enables  users  to  design  a 
search  with  multiple  criteria  (such  as  location,  content 


Windows  Aero  and  Windows  Flip  are  available  in  Windows  Vista  Home  Premier,  Windows  Vista  Business  and  Windows  Vista  Ultimate. 
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type,  keyword  or  date).  Users  can  save  searches  and  re¬ 
run  them  at  any  time. 

Windows  Vista  is  designed  to  make  it  easier  to  use 
mobile  PCs  and  Windows  Mobile®-enabled  devices, 
helping  workers  connect  to  information,  customers 
and  coworkers  in  the  office,  at  home  or  on  the  road. 

Microsoft  Office  Outlook  2007  helps  users  man¬ 
age  time  and  information.  With  Office  Outlook  2007, 
workers  can  quickly  search  communications,  organize 
projects  and  better  share  information. 

With  integrated  Instant  Search,  users  can  locate  in¬ 
formation  from  within  the  Office  Outlook  2007  inter¬ 
face.  They  can  search  by  keyword  within  messages,  as 
well  as  through  keywords  within  e-mail  attachments. 

A  To-Do  bar  lets  users  organize  schedules  and  manage 
priorities,  providing  a  snapshot  view  of  their  calendars, 
upcoming  appointments,  tasks  and  flagged  mail. 

Workers  can  also  use  Office  Outlook  2007  to  inter¬ 
act  with  information  stored  in  Windows  SharePoint 
Services  technology,  connecting  Windows  SharePoint 
Services  calendars,  documents,  contacts  or  tasks  with 
Office  Outlook  2007. 

Another  product  offering,  Microsoft  Office  Share- 
Point  Server  2007,  is  an  integrated  suite  of  server  capa¬ 
bilities  that  provides  content  management  and  enter¬ 
prise  search,  enabling  shared  business  processes  and 
information  sharing.  Office  SharePoint  Server  2007 
supports  all  intranet,  extranet  and  Web  applications 
across  an  enterprise  within  one  platform,  rather  than 
separate  systems. 

Using  the  server,  organizations  can  store  and 
organize  all  business  documents  and  content  in  a  cen¬ 
tral  location,  giving  users  a  consistent  way  to  navigate 
and  find  relevant  information.  Companies  can  also 
create  live,  interactive  business  intelligence  portals 


SUMMARY 

Clearly  there  is  a  growing  need  for 
software  and  solutions  that  help 
companies  improve  the  way  workers 
find,  use  and  share  information. 
According  to  October  2005  Microsoft 
estimates,  the  enterprise  portals  and 
content  access  tools  (enterprise  search) 
market  segments  were  projected  to  have 
a  total  compound  annual  growth  rate 
of  more  than  9  percent  from  fiscal  year 
2006  through  2009,  and  overall  sales  of 
$1.8  billion  by  2009. 

The  enterprise  portals  market 
segment  is  expected  to  reach  $818 
million  in  sales  by  2009.  The  enterprise 
content  access  tools  market  segment 
is  forecast  to  be  even  larger,  at  $993 
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million  by  2009,  representing  a 
compound  annual  growth  rate  of 
10.5  percent. 

Products  such  as  those  offered 
by  Microsoft  are  designed  to  help 
organizations  find,  use  and  share 
information  more  effectively  and 
efficiently.  The  Microsoft  product 
portfolio  provides  a  single  indexing  and 
search  infrastructure  that  effectively 
scales  from  the  desktop  through  group 
and  divisional  portal  sites  to  the  largest 
corporate  intranets,  extranets  and 
Internet  Web  sites. 

These  products  enable  users  to  search 
across  the  desktop,  corporate  network 
and  the  Internet,  to  quickly  find  multiple 


Office  Outlook  2007  enables  easy  management  of  time  and 
information  through  features  like  integrated  Instant  Search,  a  To- 
Do  bar  and  seamless  integration  with  Windows  SharePoint  Server. 

that  assemble  and  display  information  from  disparate 
sources  by  using  integrated  business  intelligence 
capabilities  such  as  dashboards,  Web  Parts,  key 
performance  indicators  (KPIs),  and  business  data 
connectivity  technologies. 

Each  of  these  solutions  empowers  managers  and 
staffers  to  make  better  business  decisions,  be  more 
productive  and  achieve  greater  business  success.  Sev¬ 
eral  of  the  key  benefits  that  can  result  from  using  these 
types  of  software  products— business  process  improve¬ 
ment,  greater  competitiveness  and  using  intelligence  in 
products  and  services— were  among  the  top  CIO  priori¬ 
ties  in  2006,  as  cited  by  the  research  firm  Gartner  in 
Stamford,  Conn.2 


Armed  with  more 
efficient  ways  to 
find,  use  and  share 
valuable  business 
information, 
organizations 
will  be  poised 
to  improve 
operations, 
increase  sales  and 
better  serve  their 
customers. 


types  of  information  including  files 
and  line-of-business  data.  Armed  with 
more  efficient  ways  to  find,  use  and 
share  valuable  business  information, 
organizations  will  be  poised  to  improve 
operations,  increase  sales  and  better 
serve  their  customers. 


1.  IDC,  The  Hidden  Cost  of  Information  Work,  #202334,  April  1,  2006. 

2.  “Growing  IT’s  Contribution:  The  2006  CIO  Agenda”,  Gartner  Executive  Programs. 
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TRUST... 


"We  outsourced  most  of  our  IT 
to  Perot  Systems  back  in  1998 
and  it  is  one  of  the  best  strategic 
decisions  we  ever  made.  They've 
earned  our  deepest  trust  in  every 
way  by  contributing  to  the  success 
of  many  key  business  initiatives." 


Since  1988,  Perot  Systems  Corporation  has  used  a  collaborative 
approach  based  on  mutual  trust  to  deliver  technology-based 
business  solutions  that  help  organizations  worldwide  control 
costs  and  cultivate  growth. 


Drawing  on  deep  industry  expertise  and  a  portfolio  of  interrelated 
consulting,  business  process,  application,  and  infrastructure 
services,  we're  there  when  customers  need  us  the  most  offering 
proven  technology,  and  timely  delivery  to  create  solutions  that 
maximize  returns  on  IT  and  business  process  investments. 


When  you  need  a  hand  to  reach  your  goals,  we'll  be  there 
to  help  pull  you  through.  Call  us  at  1  888  31  PEROT,  or  visit 
www.perotsystems.com. 


G.  Gilmer  Minor  III , 
Chairman, 
Owens  &  Minor,  Inc. 
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Where  does  soft¬ 
ware  as  a  service 
most  help  mid¬ 
size  enterprises 
today?  Think 
key  business 
functions  like 
accounting  and 
CRM.  For  CIOs 
with  lean  staffs, 
the  advantages  of 
SaaS  add  up. 


FROM  INCEPTION  TO  IMPLEMENTATION  — I.T.  THAT  MATTERS 


SaaS  Appeal 

JOHN  EDWARDS 


ON-DEMAND  SOFTWARE  |  Like  other  midsize  enterprises  shopping  for  CRM 
software,  Ventana  Medical  Systems  faced  two  basic  choices  in  2005:  choose  a  traditional 
application  or  opt  for  the  newer  software-as-a-service  (SaaS)  model  and  have  CRM  tools 
delivered  directly  to  end  users  via  the  Web.  In  hindsight,  the  decision  turned  out  to  be 
something  of  a  no-brainer,  says  Anthony  King,  CIO  for  the  medical  diagnostics  equipment 
manufacturer.  “SaaS  beats  the  alternative  in  maintenance,  training,  user  flexibility  and 
several  other  key  areas,”  he  says. 

In  the  past  few  years,  several  key  factors  combined  to  make  SaaS  an  increasingly  popular 
choice  at  companies  like  Ventana:  Web  technologies  matured,  applications  grew  more  stan¬ 
dardized,  and  the  appeal  of  lower  up-front  capital  costs,  streamlined  maintenance  and  easier 
scalability  only  became  stronger.  Robert  DeSisto,  an  applications  industry  analyst  at  Gartner, 
predicts  that  “by  2011, 25  percent  of  new  business  software  will  be  delivered  as  a  service.” 

Most  midsize  enterprises  turn  to  SaaS  expecting  significant  cost,  deployment  speed  and 
maintenance  benefits.  (And,  of  course,  many  midsize  companies  don’t  have  the  in-house  IT 
staff  to  manage  more  applications.)  They’re  looking  to  SaaS  to  improve  efficiency  for  core 
processes  such  as  CRM,  sales  compensation  management  and  ERR  But  before  they  rush 
toward  SaaS,  these  organizations  also  need  to  be  sure  that  the  functionality  of  the  solution 
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meets  their  business  requirements  and 
that  they  can  integrate  with  their  exist¬ 
ing  applications  without  a  hassle.  In  some 
cases,  customization  options  are  limited. 

Nevertheless,  a  growing  number  of  mid¬ 
level  enterprises  have  decided  SaaS’s  bene¬ 
fits  far  outweigh  its  drawbacks.  “There’s  no 
application  in  the  world  that  you  can’t  run 
in-house  if  you  have  the  money,  resources 
and  expertise,”  says  Laurie  McCabe,  an 
analyst  at  technology  research  firm  AMI 
Partners.  “The  problem  is  that  most 
medium  [-size]  businesses  don’t  have  that 
capability,”  she  says.  “In  most  cases,  SaaS 
is  economically  a  better  way  to  go.” 

Ditchingthe  CRM  Antiques 

Many  midsize  businesses  first  test  the 
SaaS  waters  with  an  on-demand  CRM 
application.  That’s  because  many  midlevel 
companies  have  a  dire  need  to  overhaul 
antiquated  customer  support  processes. 
Fortunately,  SaaS  meshes  well  with  CRM 
technology,  allowing  companies  with 
small  IT  budgets  to  run  modern,  sophisti¬ 
cated  customer  analysis  applications  on  a 


After  evaluating  several  on-demand  and 
traditional  CRM  products,  Ventana  settled 
on  SaaS  technology  from  Salesforce.com— a 
mix  of  marketing  automation,  analytics  and 
other  applications.  “The  benefits  of  having  a 
hosted  solution  outweighed  the  benefits  of 
the  in-house  solution,”  King  says.  “Plus,  the 
time  to  get  it  up  and  running  was  signifi¬ 
cantly  shortened  with  a  hosted  solution.” 
Initial  deployment  and  training  took  less 
than  four  months,  King  says. 

SaaS  technology  gives  Ventana  the 
same  features  offered  by  traditional  CRM 
software— including  capture,  storage  and 
analysis  of  customer  information— with¬ 
out  incurring  the  extra  burden  of  running 
its  own  servers,  operating  a  network  to 
connect  branch  offices  and  hiring  a  large 
IT  staff. 

“It’s  just  significantly  easier,”  King  says. 
“We  have  a  very  good  Oracle  ERP  system, 
but  trying  to  keep  it  up  to  date  across  the 
organization  and  supporting  it  is  a  pretty 
substantial  effort.”  With  SaaS,  the  service 
provider  does  all  the  work  to  run,  main¬ 
tain  and  update  the  CRM  system. 


“In  a  regulated  industry,  you  spend 
most  of  your  time  validatingand 
updating  software.  That’s  not  your 
true  competency.  We  don’t  have 
to  validate  the  Salesforce.com 
tool,  only  the  way  we’re  using  it.” 

-Anthony  King,  CIO,  Ventana  Medical  Systems 


pay-as-you-go  basis,  with  only  a  minimal 
up-front  investment. 

At  Ventana,  the  search  for  a  CRM  solu¬ 
tion  had  reached  “critical  mass”  by  2005. 
Customer  contacts,  crucial  to  the  com¬ 
pany’s  continued  financial  health,  were 
not  readily  available  for  field  personnel 
because  the  data  was  either  on  paper  or 
buried  in  an  ERP  system.  “We  basically 
were  manual  for  the  most  part— Day-Tim¬ 
ers,  paper  files  and  such,”  says  King. 


Ventana  also  values  Salesforce.com’s 
ability  to  provide  multiple  language  inter¬ 
faces  on  demand,  facilitating  work  with 
offices  worldwide  and  a  staff  that  speaks 
more  than  20  languages.  “To  change  the 
language,  you  literally  click  a  button  on  the 
screen,”  King  says.  This  contrasts  sharply 
with  Ventana’s  on-premises  ERP  system, 
where  adding  a  new  language  requires  IT 
staffers  to  painstakingly  design  and  test 
new  modules. 


Your  Service 
Plan 

Before  you  march  forward 
with  SaaS  technology,  here 
are  some  cautionary  words 
from  three  companies  that 
have  been  through  the  drill 

1.  Software  as  a  service  (SaaS)  still 
requires  front-end  work.  Despite 
cost  and  operational  benefits,  SaaS 
software  still  must  satisfy  its  end 
users.  "As  with  any  tool,  adoption  is 
the  key  to  success.  So  spending  time 
on  the  front  end,  building  up  your 
plan  and  creating  a  communications 
strategy  will  all  help  garner  adoption.” 
-Anthony  King,  CIO,  Ventana  Medical 
Systems 

2.  Consider  the  state  of  your  own 
data.  How  much  work  will  be  required 
to  feed  it  to  the  SaaS  app  neatly? 

Trex  found  that  Centive’s  Compel 
app  worked  well— once  Trex’s  IT  team 
exported  the  necessary  data  from 

an  aging  J.D.  Edwards  ERP  engine 
that  put  up  a  longer-than-expected 
struggle.  “Don't  underestimate  the 
complexity  of  making  sure  system 
mergers  can  be  handled.” 

-Mitch  Cox,  VP  of  sales,  Trex 

3.  Don’t  get  optimistic  on  time  frame. 

SaaS  has  a  reputation  for  rapid 
deployment,  but  perhaps  not  as 
rapid  as  you  may  think.  Set  a  realistic 
schedule.  “I  really  thought  we  would 
be  able  to  do  this  within  a  quarter, 
and  that  may  have  been  just  too 
aggressive.”  -Mitch  Cox 

4.  Examine  your  business  processes. 

Some  SaaS  applications  are  difficult 
to  customize,  so  make  sure  your  busi¬ 
ness  processes  match  the  software’s 
design.  “It’s  a  good  opportunity 
to  simplify  the  processes  and  to 
make  your  business  more  efficient.” 
-Fabrice  Cancre,  COO,  Olympus  NDT 
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_DAY  53:  We  have  so  much  information.  Data.  E-mails. 
Web  content.  Video.  But  it’s  scattered  across  the 
business.  We  can’t  find  anything  we  need. 

_Gil  says  he  needs  a  hand.  Alas,  I’m  afraid  of  heights. 

_Day  54:  Here’s  something  more  grounded:  IBM  Information 
Management  middleware.  Now  we  can  access  any  kind  of  info 
and  accurately  deliver  it  to  the  people  or  processes 
that  need  it.  It  gives  us  information  we  can  trust  and 
insights  we  can  act  on  to  deliver  real  business  value. 

_0nce  again,  this  accursed  acrophobia  makes  me  the 
object  of  my  colleagues’  ridicule. 


Information  Management 


in  the  United  States  and/or  other  countries.  ©2007  IBM  Corporation.  All  rights  reserved 


essential  technology 


For  a  government-regulated  company 
like  Ventana,  SaaS  can  also  save  time  and 
money  by  cutting  red  tape.  “In  a  regulated 
industry,  you  spend  most  of  your  time 
validating  and  updating  software,”  King 
says.  “That’s  not  your  true  competency;  it 
really  doesn’t  add  value  to  your  business.” 
On-demand  software  drops  much  of  the 
time-consuming  validation  onto  the  soft¬ 
ware  provider.  “We  don’t  have  to  validate 
the  Salesforce.com  tool,  only  the  way  we’re 
using  it,”  King  says. 

King  feels  that  his  SaaS-based  CRM 
technology  offers  more  features  than  most 
premises-based  counterparts  while  creat¬ 
ing  less  work  for  business  and  IT  staffers. 
“We  have  much  more  operational  flexibil¬ 
ity,  more  current  information  about  our 
customers  and  the  ability  to  make  more 
informed  decisions,”  he  says. 


facturer,  business  users  found  themselves 
caught  in  their  own  version  of  “Excel  Hell.” 
Sales  reps  and  managers  were  tracking 
compensation  via  spreadsheets,  leading 
to  endless  conflicts  and  disputes.  “Excel 
spreadsheets  are  typical  for  a  lot  of  compa¬ 
nies  our  size,”  says  Mitch  Cox,  vice  president 
of  sales.  “You  end  up  doing  the  calculations 
manually  and,  unfortunately,  the  accuracy 
is  always  called  into  question.” 

The  activity  also  burned  away  time. 
“You’ve  got  a  bunch  of  people  spending  an 
inordinate  amount  of  time  tracking  some¬ 
thing  that,  frankly,  they  shouldn’t  have  to 
waste  their  time  tracking,”  Cox  says. 

Looking  for  a  faster,  better  way  to  gauge 
compensation,  Cox  turned  to  SaaS  pro¬ 
vider  Centive  and  its  Compel  software.  But 
why  did  a  sales  VP  spearhead  a  new  soft¬ 
ware  initiative?  Cox  says  he  was  drawn  to 


At  decking  and  railing  manufac¬ 
turer  Trex,  business  users  were 
caught  in  their  own  version  of 
“Excel  Hell.”  Sales  reps  and  man¬ 
agers  were  tracking  compensation 
via  spreadsheets,  leading  to 
endless  conflicts  and  disputes. 

-Mitch  Cox,  Trex  VP  of  sales 


King  says  the  only  significant  “road 
bump”  he  faced  was  convincing  end  users 
to  take  full  advantage  of  the  system’s  infor¬ 
mation  management  and  analysis  features. 
“Basically  showing  the  field  folks  what’s  in 
it  for  them,”  he  notes.  “Once  they  could  see 
that,  then  there  was  a  lot  of  buy-in.” 

Compensation  Strife 

Sales  compensation  management  has  some¬ 
thing  in  common  with  CRM  at  some  mid¬ 
size  companies.  Even  though  calculating 
compensation  for  sales  reps  is  a  key  process, 
especially  for  firms  in  growth  mode,  it  may 
be  ignored  until  it  creates  a  true  mess. 

At  Trex,  a  decking  and  railing  manu¬ 


the  software,  and  the  SaaS  model,  because 
Trex  simply  wasn’t  in  a  position  to  run  on¬ 
premises  compensation  software.  “Our  IT 
department  is  a  dedicated  group  of  peo¬ 
ple  that’s  very  small,”  he  says.  “I  needed 
to  have  this  capability  provided  from  the 
outside  to  avoid  adding  to  their  burden.” 

Cox  doesn’t  feel  that  he  was  forced  to 
settle  for  a  second-rate  technology.  Corn- 
pel’s  dashboard  view  gives  sales  represen¬ 
tatives  a  real-time  view  of  their  position 
and  ultimate  objective  during  any  given 
quarter.  “Managers  love  it  because  they’re 
able  to  focus  their  time  where  it’s  needed 
most,”  he  says.  “They  can  understand 
right  away  who’s  winning  and  who’s  los- 


On-demand 

financial 

management 

appsand 

sales-force 

automation 

will  win 

mainstream 

adoption 

within  two  to 

five  years. 

SOURCE:  Gartner 


ing  on  a  sales  rep  basis— and  there’s  no 
disputing  the  data.” 

On  the  downside,  although  the  project 
was  envisioned  with  the  need  for  minimal 
IT  involvement,  things  didn’t  quite  turn 
out  that  way,  though  not  for  reasons  hav¬ 
ing  to  do  with  the  Compel  product. 

The  deployment  took  longer  than  antic¬ 
ipated,  because  it  took  Trex’s  IT  staff  lon¬ 
ger  than  planned  to  create  the  necessary 
export  file,  using  data  from  Trex’s  aging 
J.D.  Edwards  ERP  data  engine.  During 
this  process,  Trex  IT  also  discovered  that 
the  data  in  the  J.D.  Edwards  application 
did  not  always  reconcile  with  the  data  that 
its  finance  department  used  to  calculate 
commissions.  The  deployment  spanned 
most  of  2006’s  second  quarter;  tweak¬ 
ing,  training  and  other  follow-up  tasks 
dragged  well  into  the  next  period. 

“Compel  integrated  easily  with  our 
source  systems  once  we  reconciled  our 
data  and  created  the  necessary  data  feeds,” 
Cox  says. 

Cox  says  he’s  pleased  with  both  Com¬ 
pel  and  the  SaaS  model.  “There’s  been  a 
decent  productivity  gain,  because  people 
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_DAY  34:  This  indecision  is  sinking  the  business. 
How  do  we  move  to  a  service  oriented  architecture? 
Where  do  we  start?  Can  we  reuse  what  we  have? 

_Inf restructure  quicksand!!  We  waited  too  long.  I’d 
throw  Gil  my  tie,  but  it’s  a  clip-on. 


_DAY  37:  A  lifeline:  IBM  WebSphere  middleware!  It’s 
already  helped  thousands  of  customers  build  an  SOA. 
Adapters  give  us  a  standardized  approach  to  integrating 
apps  from  SAP,  Oracle  and  others.  And  it  lets  us  reuse 
what  we  have,  saving  time  and  money. 

_0h,  great.  There’s  sand  in  my  yogurt. 


WebSphere 


Download  the  reuse  and  connectivity  kit  at: 
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aren’t  doing  that  one-off  tracking  like 
they  were  in  the  past,”  he  says. 

Cox  says  he’s  open  to  the  possibility  of 
using  more  SaaS-based  tools  in  the  future. 

Suite  Success 

As  SaaS  steadily  builds  a  real-world  track 
record,  more  midsize  enterprises  entrust 
the  technology  with  not  one  but  multiple 
core  business  tasks.  Olympus  NDT,  a  man¬ 
ufacturer  of  testing  equipment,  uses  Net- 
Suite,  a  fully  integrated  suite  of  services, 
for  accounting,  CRM  and  e-commerce.  Data 
integration  was  NetSuite’s  biggest  drawing 
card,  says  Fabrice  Cancre,  Olympus  NDT’s 
chief  operating  officer,  who  oversees  the 
enterprise’s  IT  operations. 


things  that  add  up  to  a  very  big  cost  for  a 
midsized  business.” 

Scalability  also  attracted  Olympus 
NDT  to  SaaS.  The  rapidly  growing  com¬ 
pany  is  expanding  both  domestically  and 
internationally.  “We  have  six  locations  in 
the  U.S.,  and  we’re  also  using  the  system 
in  Germany,  France,  England  and  Japan,” 
Cancre  says.  Adding  users  in  new  loca¬ 
tions  requires  little  more  than  logging 
them  in  to  the  Web-based  system. 

While  Olympus  NDT  has  handed  over 
all  of  its  customer-facing  interactions 
to  NetSuite,  it  still  relies  on  traditional 
software,  Infor  Visual  Manufacturing,  to 
support  another  core  business  process, 
production  operations.  The  onsite  soft- 


Should  midsize  enterprises  view 
software  in  the  same  light  as  other 
essential  business  services?  “We 
could  have  our  own  lawyers  too. 
But  we  don’t  have  them— we  hire 
them  as  we  need  them." 


-Fabrice  Cancre,  COO,  Olympus  NDT 


“The  sales  reps,  the  accountants,  the 
inside  salespeople  taking  the  orders,  the 
customer  services  reps— everybody  is 
entering  data  into  the  same  database,”  he 
says. 

While  every  ERP  package  offers  data 
integration,  SaaS  gave  Olympus  NDT  the 
ability  to  obtain  ERP  benefits  without 
the  complex  hardware  and  maintenance 
infrastructure  that  usually  accompanies 
on-premises  ERP  packages.  “The  entire 
system  is  managed  by  NetSuite,”  Cancre 
says.  “We  don’t  have  any  need  for  (ERP) 
servers,  backup  systems  and  the  other 


Microsoft’s  Vision  for  SaaS 


How  does  Microsoft  see  itself  fitting  into  the 
world  of  SaaS?  See  BEYOND  VISTA  at  www 
.cio.com/111506 
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ware  tracks  parts,  coordinates  ships  and 
handles  various  other  manufacturing- 
oriented  tasks.  “NetSuite  is  definitely  not 
able  to  do  that,”  Cancre  says. 

On  the  other  hand,  NetSuite  does 
exchange  key  business  data  with  the  man¬ 
ufacturing  ERP  software.  “We’ve  set  up 
our  systems  so  that  we  consider  our  facto¬ 
ries  as  a  vendor,  at  least  from  the  NetSuite 
point  of  view,”  Cancre  says.  “NetSuite 
then  trades  with  the  ‘customer.’” 

Cancre  says  midsize  enterprises  need 
to  view  software  in  the  same  light  as  other 
essential  business  services.  “I  mean,  we 
could  have  our  own  lawyers  too,”  he 
notes.  “But  we  don’t  have  them— we  hire 
them  as  we  need  them.”  BBI 


John  Edwards  is  an  Arizona-based  freelance 
writer.  To  comment  on  this  article,  go  to  the 
online  version  at  www.cio.com/030107. 


TOOLBOX 

At  Your  Service 

Here’s  a  look  at  three  SaaS 
apps  that  mid-market  CIOs 
often  consider 

Salesforce.com 

Perhaps  the  best-known  example  of 
software  as  a  service  (SaaS),  Sales- 
force.com  helps  large  and  midsize 
companies  with  sales-force  automation 
and  customer  relationship  manage¬ 
ment,  from  tracking  sales  opportunities 
to  contacts.  According  to  market- 
watcher  Gartner,  midsize  IT  organiza¬ 
tions  pressed  for  staff  and  budgets  will 
see  some  of  the  best  ROI  with  it.  As  with 
many  on-demand  apps,  larger  organi¬ 
zations  with  more  complex  deployment 
needs  must  work  harder  to  calculate 
total  cost  of  ownership. 

Compel 

Centive’s  Compel,  the  most  widely 
used  choice  for  sales  compensation 
management,  handles  the  account¬ 
ing,  compliance  and  reporting 
aspects  of  this  chore.  It  also  helps 
you  model  and  forecast  commission 
spending  and  tweak  commission 
plans  to  encourage  growth.  Compel 
delivers  data  via  an  interactive  dash¬ 
board  view  to  salespeople  and  man¬ 
agers.  This  service  integrates  with 
Salesforce.com  via  the  AppExchange 
partnership  program. 

NetSuite 

NetSuite’s  eponymous  suite  of  ser¬ 
vices  handles  accounting/ERP,  CRM 
and  e-commerce  processes  (including 
complete  care  of  an  online  store,  if 
you  like).  The  company  also  offers  the 
CRM  piece  separately.  The  account¬ 
ing/ERP  potential  for  SaaS  has 
intrigued  more  people  lately,  Gartner 
notes,  but  on-demand  accounting 
often  shows  the  most  ROI  at  small-  to 
midsize  companies  that  have  typical 
accounting  requirements  and  lack 
intricate  integration  concerns.  -L.M. 
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Advertising  Supplement 


Resources  and  the 
Branch  Office 


Many  organizations 
haven’t  figured  out 
how  to  run  branch 


offices  without  IT 


management  solution 
is  the  answer. 


There’s  nothing  worse  than  waking  up 
a  systems  engineer  at  4  a.m.  to  reboot 
a  critical  server  at  a  branch  office  in 
a  neighboring  state.  It’s  bad  for  the 
techie  who  loses  sleep,  and  it’s  bad 
for  your  business.  Every  time  that  IT 
staffer  has  to  roll  out  of  bed  and  roll 
out  to  a  remote  site,  your  company 
racks  up  extra  charges  for  after-hours 
support.  That  off-site  service  call  also 
may  affect  productivity  at  the  home 
office  if  the  engineer  has  to  drive  hours 
to  get  back  to  headquarters.  Even 
worse,  it  increases  the  risk  that  your 
organization  will  lose  support  staff 
who  get  tired  of  the  early-morning  fire 
alarms — or  the  mid-morning  or  early 
evening  calls  to  arms. 


In  most  cases,  the  answer  to  the  problem  isn’t  hiring  dedicated 
IT  workers  to  service  those  branch  offices.  “IT  shouldn’t  require 
that  a  box  gets  delivered  with  a  person  to  manage  it,”  says  John 
Katsaros,  a  principal  at  Internet  Research  Group.  “Branch  offices 
should  be  running  without  IT  personnel.” 

The  trick  is  to  do  so  efficiently,  without  significantly  increasing 
costs,  workloads  or  stress  levels.  Unfortunately,  many  businesses 
operating  offices  without  IT  staff  are  doing  so  extremely 
inefficiently.  Consider  the  hypothetical  example  of  an  organization 
managing  150  remote  devices.  It  could  easily  spend  tens  of 
thousands  of  dollars  every  year  just  on  labor  costs  to  support  that 
equipment  (see  chart,  next  page).  With  branch  offices  growing  at 
almost  7  percent  annually,  those  costs — bad  enough  already — could 
soon  become  insupportable.  Combined  with  the  cost  of  labor  to 
support  hundreds  more  data  center  devices,  the  organization  could 
be  looking  at  close  to  a  half-million  dollars  in  IT  staff  expenses,  if 
not  more. 

Avocent®’s  out-of-band  management  solutions  make  it  possible 
to  address  remote  site  and  data  center  system  issues  from  a  central 
console,  thereby  reducing  by  as  much  as  70  percent  the  time  it 
takes  to  respond  to  off-  and  on-site  problems  during  business 


personnel  on-site. 
An  out-of-band 


Avocent 


CIO 


The  Power  of  Being  There. 


Custom  Solutions  Group 
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The  Costs  of  Remote  Device  Support 

This  hypothetical  example  provides  an  eye-opening  look  into  the  labor  costs 
of  a  strategy  that  relies  on  providing  on-site  support  to  remote  offices. 

Total  number  of  GUI  remote  devices  that  require  managing 

50 

Average  number  of  incidents  requiring  remote  access  per  device  per  year  6 

Total  number  of  Linux/Solaris/Network  devices  that  require  managing  100 

Average  number  of  incidents  per  CLI  device  requiring  access  each  year  4 

Percentage  of  incidents  during  standard  business  hours 

75% 

Percentage  of  incidents  that  occur  after  hours 

25% 

Average  density  of  remote  devices  per  site 

5  (GUI),  5  (CLI) 

Average  response  time,  business  hours 

30  minutes 

Average  response  time,  after  hours 

120  minutes 

System  engineer  hourly  rate  during  business  hours 

$75 

System  engineer  hourly  rate  after  hours 

$150 

Remote  system  engineer  costs,  business  hours 

$19,687.50 

Remote  system  engineer  costs,  after  hours 

$52,500.00 

Total  annual  remote  site  costs 

$72,187.50 

Source:  Avocent  ROI  Model 

hours,  and  they  can  cut  by  as  much  as  95  percent  the  response 
time  for  after-hours  service.  In  a  deployment  similar  to  the 
example  above,  this  can  translate  into  hundreds  of  thousands  of 
dollars  in  savings  on  system  engineer  costs  for  supporting  both 
local  and  remote  sites. 

The  advantages  go  beyond  savings  on  labor  costs  to  the  gas, 
wear  and  tear,  and  other  expenses  related  to  “truck  rolls”  to 
off-site  locations.  An  out-of-band  management  solution  such  as 
Avocent’s  KVM-over-lP  appliance  helps  organizations  deal  with 
a  number  of  trends  that  threaten  IT’s  ability  to  support  critical 
systems.  Consider:  Nearly  30  percent  of  companies  plan  to 
downsize  IT;  IT  staff  already  are  spending  25  percent  of  their  time 
supporting  remote  offices;  and  technicians  today  are  responsible 
for  an  ever-increasing  number  of  devices  that  they  are  trying  to 
manage  with  a  hodgepodge  of  tools. 

Many  Devices,  One  Interface 

“Fifteen  years  ago,  there  may  have  been  50  PCs  or 
workstations  per  technician,”  says  Jeffrey  Nudler,  senior  analyst 
at  the  IT  research  firm  Enterprise  Management  Associates. 
“Today  that  has  grown  to  thousands  of  devices  per  technician, 
and  the  skill  level  necessary  to  service  those  has  grown  as 
well,  because  the  functionality  of  those  devices  has  increased 
tremendously”  An  organization  has  to  consider  how  it’s 
supposed  to  handle  support  for  all  the  devices  under  that 
technicians  control  when  he  has  to  go  out  to  service  a  remote 
site,  Nudler  says — and  when  there  are  fewer  bodies  who  are 
trained  on  the  tools  to  manage  those  systems  to  pick  up  the 
slack. 

Deploying  an  out-of-band  solution  that  provides  a  single 
interface  to  manage  multiple  devices  will  address  these 
challenges.  That’s  just  the  start  of  the  benefits  it  offers.  The 
technology  also  will  create  opportunities  for  organizations  to  get 
the  most  value  from  their  investment  in  IT  staff. 


An  out-of-band  management  solution 
opens  the  door  for  organizations  to  make 
the  best  use  of  their  IT  personnel  assets. 
Subject  matter  experts,  for  instance,  won’t 
have  to  spend  hours  solving  problems  off¬ 
site,  where  their  availability  to  address  other 
issues  that  arise  in  their  area  of  expertise  is 
limited. 


Collaborate  Globally 

Companies  that  operate  globally  will 
be  able  to  institute  “follow-the-sun”  help¬ 
desk  initiatives.  That  is,  they  can  take 
advantage  of  IT  experts  worldwide,  who 
can  be  empowered  to  solve  problems  at 
any  branch  location  without  ever  leaving 
their  desks,  never  mind  their  countries. 
Businesses  can  put  IT  workers  at  their 
office  in  Germany  in  charge  of  managing 
problems  that  arise  in  the  wee  hours  of  the 
morning  in  New  York,  for  instance.  Not 
only  does  this  improve  the  utilization  of 
IT  staff  resources,  but  it  also  can  save  the 
higher  labor  costs  associated  with  overtime  fees  when  after- 
hours  support  is  handled  locally. 

Equally  important,  deploying  out-of-band  management 
solutions  helps  businesses  improve  the  work-life  balance  for 
their  IT  employees.  KVM-over-IP  tools  remove  multiple  pain 
points  that  frustrate  staff,  according  to  IT  managers.  “You  can 
fix  it  in  your  pajamas  from  home,”  one  IT  manager  recently 
commented  about  using  these  tools.  “You  don’t  have  to  get  in 
the  car  and  drive  into  the  office.  It’s  a  quality-of-life  thing.” 

Additionally,  Avocent’s  DSView®  3  management  software 
can  facilitate  collaboration  among  subject  matter  experts  on 
service  issues  within  the  IT  organization.  “Collaboration  is 
becoming  more  and  more  significant,  because  you  no  longer 
can  fix  a  network  and  hope  that  the  services  will  be  fine  without 
understanding  how  the  network  supports  the  application  and 
the  servers,”  says  Nudler. 

Finally,  the  time  and  cost  savings  and  productivity  boosts 
that  organizations  will  enjoy  when  they  deploy  out-of-band 
management  solutions  will  free  up  staff  to  devote  to  better 

analyzing  the  needs  of 
all  their  branch  offices. 

At  last,  they  will  have 
an  opportunity  to 
determine  specifically 
what  equipment  should  be 
located  at  various  remote 
sites  to  ensure  effective 
operations — and  what  systems  can  be  removed  to  simplify 
operations,  without  incurring  a  performance  hit.  They  also 
can  study  whether  certain  key  offices  really  do  have  the  user 
and  mission-critical  application  requirements  that  may  justify 
requiring  on-site  IT  personnel  some  or  all  of  the  time. 

If  these  benefits  don’t  add  up  to  a  good  night’s  sleep — for  IT 
managers  and  staff — then  nothing  will.  Sweet  dreams.  • 


To  learn  more  about  Avocent’s 
branch  solutions  and  to  download 
a  white  paper  on  how  to  begin 
planning  your  branch  office 
strategy,  please  visit 
www.avocent.com/CIOmagazine. 


More  than  480  of  your  peers  in  the  CIO  Executive  Council  have  begun 
to  change  the  perceptions  of  IT  across  the  globe  by  collaborating  on  issues 
most  important  to  the  CIO  community. 


Join  CIO  Executive  Council  members  at  the  CIO  Leadership  Conference 
from  April  29-May  1,  2007.  With  a  focus  on  transforming  the  role  of  the 
CIO  and  enterprise  strategy,  attendees  will  kick  off  their  visit  with  a 
complimentary  reception  and  open  house,  courtesy  of  the  CIO  Executive 
Council.  The  2007  Ones  to  Watch  Award  will  also  be  presented  to  future  IT 
leaders  during  a  special  ceremony. 


For  more  information,  visit  www.cio.com/leader_2007. 


CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


The  CIO  Executive  Council  is  the  world’s  first  professional  association  focused 
exclusively  on  the  CIO.  Founded  in  2004  by  the  readers  of  CIO  magazine,  Council 
members  are  committed  to  leveraging  the  individual  and  collective  strengths  of  the 
community  of  CIOs  to  advance  the  CIO  profession  and  its  role  in  driving  shareholder 
results  for  their  respective  organizations.  In  just  over  two  short  years,  the  CIO  Executive 
Council  has  grown  to  more  than  480  CIOs  worldwide,  representing  executive  leadership 
in  organizations  with  approximately  $2  trillion  (USD)  in  annual  revenues. 


Founded  by 


Business 

Technology 

Leadership 


For  information  on  membership,  please  visit  www.cioexecutivecouncil.com. 


APPLIED  INSIGHT 


James  M.  Kerr 


An  Architecture 
for  the  Future 

You  can’t  build  a  robust,  agile  enterprise  architecture  on  the  fly.  You  gotta  make  plans. 


■ 


Today,  organizations  need  to  learn  to  make  work¬ 
flow  changes  on  the  fly.  Otherwise,  consumers 
and  trading  partners  alike  are  ready  to  move  on. 
This  puts  tremendous  pressure  on  organizations 
to  fully  automate  business  operations  wherever  possible  and 
adjust  them  dynamically  without  any  disruption. 

Obviously,  if  this  were  easy,  everyone  would  be  doing  it. 
Good  architectural  design  isn’t  enough.  You  also  need  flexibil¬ 
ity  and  resilience.  Businesses  seeking  to  compete  on  a  global 
scale  should  consider  the  following  approach: 

Step  1:  Architecture  Framework 

The  first  step  is  to  establish  a  framework  that  presents  a  set  of 
architectural  principles  that  support  the  organization’s  busi¬ 
ness  goals  and  strategic  drivers. 

For  example,  Fifth  Third  Bancorp,  a  $105.8  billion  diversi¬ 
fied  financial  services  company  headquartered  in  Cincinnati, 
adopted  these  architectural  principles: 

■  A  multitiered  processing  environment  is  necessary  to  enable 
the  distribution  of  processing  capabilities. 

■  Applications  should  be  independent  of  the  underlying  tech¬ 
nology  on  which  they  are  implemented. 

■  Interchangeable  hardware  components  must  be  used  on  all 
platforms  and  tiers. 

Step  2:  Baseline  Environment 

It’s  important  to  get  a  baseline  of  the  current  environment— 
both  business  operations  and  IT  systems— to  define  what 
works  well  and  what  must  be  improved  in  order  to  meet  the 
future  needs  of  the  organization. 
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ILLUSTRATION  BY  PHIL  WHEELER 


The  CFO  wants  better  margins 


The  COO  wants  better  ways  to  manage  costs 


The  CIO  wants  the  same  and  now  has  a  way  to  make  it  happen 


Welcome  to  Business  Service  Management  from  BMC  Software.  Business  Service  Management  (BSM) 
means  the  goals  of  IT  are  the  same  as  the  goals  of  the  business.  And  with  proven  software  and  processes 
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from  BMC  Software,  BSM  can  be  implemented  in  stages,  demonstrating  the  value  of  IT  as  you  go. 
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All  business  success  stories  have  to  start  somewhere.  With  BSM,  they  begin  in  IT. 


www.bmc.com/value 


ACTIVATE  BUSINESS  WITH  THE  POWER  OF  J.T 
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James  M.  Kerr  applied  insight 


What’s  striking  about  baseline  assessment  work  is  that  it 
usually  reveals  issues  that  the  organization  already  is  aware 
of  intuitively— such  as  a  need  to  speed  process  redesign.  How¬ 
ever,  what  were  once  only  hunches  about  the  environment  can 
now  be  supported  by  hard  data. 


and  organizes  them  into  three  tiers  or  implementation  pla¬ 
teaus.  The  second  part  produces  first-cut  project  plans  for 
each  of  the  initiatives  on  the  implementation  agenda. 

The  first-cut  plans  include  details  about  the  initiative  such 


Step  3:  Target  Definition 

The  target  definition  phase  is  designed  to 
identify  the  new  IT  projects  that  must  be 
staffed  and  funded  down  the  road.  Start 
by  asking  the  management  team  (either 
in  a  workshop  or  an  interview  setting)  to 
paint  its  vision  for  the  future  deployment 
of  IT  within  the  enterprise. 

For  example,  the  Metro  Group,  one  of  the  largest  trading 
and  retail  groups  in  the  world  with  more  than  2,300  stores 
across  28  countries,  envisioned  what  it  calls  a  “store  of  the 
future.”  Making  that  happen  called  for  exploiting  RFID 
technology  to  track  products  through  their  entire  lifecy¬ 
cle— from  production  to  the 


Lean,  Mean  Architecture 


Clearly,  robust  and  easily  modifiable 
automation  is  fundamental  to  achiev¬ 
ing  an  enterprise's  vision  for  the 
future.  However,  such  benefits  don't 
come  without  their  price. 


For  more  information  on  James  Kerr’s 
book,  The  Best  Practices  Enterprise, 
go  to  www.cio. com/030107. 

cio.com 


shelves  to  the  sale.  RFID- 
tagged  items  would  be  placed 
on  pallets  and  scanned  upon 
leaving  the  warehouse;  ship¬ 
ping  data  would  be  sent  to 
the  store  manager  for  review; 
upon  receipt  at  the  store  the  pallets  would  be  scanned  again, 
and  any  discrepancies  would  immediately  generate  a  report. 
Anything  missing  or  damaged  could  be  replaced  through  a 
follow-up  order.  RFID-equipped  shopping  carts  would  be 
used  to  monitor  customer  length  of  stay  and  average  pur¬ 
chase.  Item  replenishment  would  be  triggered  by  the  system 
when  low  volume  is  indicated.  Misplaced  items  would  be 
flagged  for  restocking. 

Clearly,  this  vision  will  require  many  IT  initiatives:  from 
RFID  vendor  selection  to  new  order  processing  and  inventory 
control  applications.  But  this  exercise  helps  ensure  that  all 
those  IT  initiatives  are  targeted  to  strategic  business  goals. 

Step  4:  Gap  Analysis 

A  gap  analysis  is  required  to  compare  the  baseline  with  the 
target  and  identify  what’s  missing.  For  example,  besides  the 
RFID  selection  and  new  inventory  applications,  the  Metro 
Group  also  needed  to  identify  projects  to  address  skill  gaps, 
and  to  process  redesign  needs  and  a  whole  host  of  standards 
and  best-practice-based  initiatives  needed  to  help  it  bridge  the 
gap  between  its  current  and  future  IT  environments.  It’s  not 
unusual  for  this  work  to  spawn  20  to  30  new  IT  initiatives. 

Step  5:  Implementation  Planning 

Implementation  planning  is  performed  in  two  parts.  The  first 
part  takes  the  project  opportunities,  documents  them  fully 


as  project  name,  description,  critical  success  factors,  task  lists, 
key  deliverables,  essential  skills  required  and  project  interde¬ 
pendencies— all  the  information  that  an  organization  needs 
to  drive  execution.  These  plans  are  a  handy  way  for  the  archi¬ 
tecture  development  team  to  pass  its  insights  on  to  the  project 
managers  who  will  follow  them. 

Step  6:  Architecture  Administration 

Once  an  architecture  has  been  developed,  it’s  important  to  cre¬ 
ate  a  governance  mechanism  to  ensure  that  it  remains  syn¬ 
chronized  with  the  strategic  direction  of  the  organization— an 
important  continuous  process  improvement  step  that  is  often 
overlooked. 

It’s  not  unusual  for  an  enterprise  to  establish  a  project  man¬ 
agement  office  (PMO)  to  oversee  the  execution  of  the  archi¬ 
tecture  plan.  Myriad  communication  vehicles— newsletters, 
intranet  sites,  sponsor-review  meetings  and  post-project 
assessment  documents— emerge  from  the  PMO  as  a  means  of 
improving  cross-project  and  cross-company  knowledge  shar¬ 
ing  and  transfer. 

Clearly,  robust  and  easily  modifiable  automation  is  fun¬ 
damental  to  achieving  an  enterprise’s  vision  for  the  future. 
However,  such  benefits  don’t  come  without  their  price.  Hard 
work  and  management  commitment,  both  from  IT  and  from 
the  highest  levels  of  the  business— including  the  CEO— are 
needed  to  build  the  kind  of  integrated  IT  architecture  plans 
that  will  make  the  difference  between  success  and  failure  in 
today’s  highly  competitive  business  climate.  Your  customers 
and  trading  partners  are  waiting.  BE] 

James  M.  Kerr  is  the  former  CIO  of  Mitsui  Sumitomo  Insurance  Group 
and  is  adjunct  professor  at  the  Lally  School  of  Management  at  Rensselaer 
Polytechnic  Institute.  His  latest  book,  The  Best  Prac¬ 
tices  Enterprise,  contains  a  chapter  on  the  Resilient 
IT  Architecture  (RITA),  on  which  this  article  is  based. 

He  can  be  reached  at  jkerr@kerr-consulting-group 
.com.  To  comment  on  this  article,  go  to  www.cio 
.com/030107. 
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UNDETECTED  DEFECTS  LURKING  IN  I 
YOUR  CODE  CAN  PROVE  DISASTROUS 
FOR  YOUR  BUSINESS. 


Hidden  bugs  in  your  valuable  source  code  can  have  serious  consequences  for  your  software— countless  patches, 
drops  in  customer  satisfaction,  product  recalls  or  worse.  You  need  to  know  all  your  code  is  clean.  Coverity  offers  advanced 
source  code  analysis  products  for  the  detection  of  hazardous  defects  and  security  vulnerabilities.  Catastrophic  errors 


are  identified  immediately  as  code  is  written,  assuring  the  highest  possible  code  quality— no  matter  how  complex  your 
code  base.  This  allows  your  developers  to  spend  less  time  searching  for  bugs  and  more  time  adding  value  to  your  product. 


FREE  TRIAL:  Let  us  show  you  what  evil  lurks  in  your  code.  Go  to  www2.coverity.com  to  request  a  free  trial  that  will 


<S 


coverity 


scan  your  code  and  identify  defects  hidden  in  it 


Your  code  is  either  coverity  clean — or  it’s  not 


Ceralitis  Capitals, 
or  Medfly-unchecked,  J 
crop  damage  estimated 
at  $821  million  per  year.  tZSXi 
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Susan  Cramm  executive  coach 


True  Colors 

Character  is  an  essential  element  of  leadership.  Here's  how  to  develop  yours 
and  let  it  shine. 


In  my  experience,  most  people  are  good.  Walk  the  halls 
of  any  company  and  you  will  find  committed  parents, 
involved  community  members  and  hardworking  pro¬ 
fessionals.  How  then  to  explain  the  fact  that  on  a  daily 
basis  many  of  us  behave  badly,  demonstrating  such  self-defeat¬ 
ing  behaviors  as  pessimism,  selfishness  and  insecurity? 

Consider  an  IT  executive  named  Carl.  Carl  loves  to  learn  new 
things  and  make  a  difference.  He  is  a  huge  asset  to  his  organi¬ 
zation  and  gets  the  hard  work  done.  Unfortunately,  many  who 
work  with  him  don’t  trust  him  because  of  his  “Lone  Ranger” 
tendencies.  While  impressed  with  his  ability  to  deliver,  others 
criticize  his  motives.  They  assume,  based  on  his  behaviors,  that 
he  is  concerned  only  with  promoting  his  career. 

Carl’s  challenge  is  one  of  character,  and  it  is  one  that  he  must 
address.  Character  is  essential  to  leading  others  and  contrib¬ 
uting  productively  over  the  long  term.  In  fact,  research  con¬ 
cludes  that  it’s  impossible  to  be  an  effective  leader  without 
strong  character. 

Character  is  defined  as  having  high  integrity,  as  exhibited 
in  the  following  behaviors,  according  to  the  Center  for  Leader¬ 
ship  .Solutions  and  the  book  The  Extraordinary  Leader. 

■  Making  decisions  based  on  what  is  best  for  the  company 
versus  personal  gain 
■  Stating  opinions  honestly 
■  Delivering  on  commitments 
■  Taking  a  stand  on  tough  issues 
■  Being  approachable  and  asking  for  feedback 
■  Treating  everyone  the  same 
■  Trusting  and  working  collaboratively  with  others 
■  Being  emotionally  resilient  in  changing  situations 
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Advanced  security  not  only  protects  your  network. 
It  does  wonders  for  your  confidence. 


Trend  Micro™  Client  Server 
Messaging  Security _ 

•  Protects  PCs,  Windows®  servers  and  Microsoft® 
Exchange  servers  against  viruses,  spam  and  hackers 

•  Provides  systems  with  24  x  7  real-time  threat 
monitoring,  pulse-point  reporting  and  automatic 
threat  protection 

•  Identifies  vulnerabilities,  prevents  threats  and  cleans 

up  —  all  without  intervention  o 


51-250  user  license  with  one-year  Maintenance1 
$38.99  CDW  864739 


•  total  Protection 


McAfee  Total  Protection 

for  Enterprise  -  Advanced _ 

•  Delivers  comprehensive  threat  prevention, 
centralized  management  and  scalable  network 
access  control 

•  Enables  organizations  to  proactively  block 
known  and  unknown  attacks 

•  Ensures  business  continuity  by  controlling 
non-compliant  endpoints 

•  Includes  network  access  control,  host  intrusion 
prevention,  antispyware,  antispam,  antiphishing, 
antivirus  and  firewall 

1 01  -250  user  license2  $69.99  CDW  96731 9 


McAfee 


SonicWALL  Email  Security  4003 

•  Powerful,  easy-to-use  inbound  and  outbound 
e-mail  threat  management 

•  Stops  spam,  viruses  and  phishing  attacks 

•  Prevents  leaks  in  confidential  information 

•  Stops  violation  of  regulatory  compliance  laws 

•  Ideal  for  medium-to-large  businesses 


750  user  license  Call  CDW  10441 54 


We're  There  With  The  Security  Solutions  You  Need. 

Today's  sophisticated  security  threats  go  way  beyond  what  antivirus  can  handle.  That's  why  at  CDW,  we're  there  with  all  the 
technology  you  need  for  full  server  protection.  From  e-mail  security  to  intrusion  prevention  to  data  protection  and  beyond, 
we  have  a  wide  variety  of  the  top  names  in  the  industry.  And  we  have  the  expertise  to  answer  questions,  offer  advice  and 
build  solutions  that  will  hold  up  to  the  worst  threats  out  there.  So  call  today  and  get  the  total  protection  you  need. 


The  Right  Technology.  Right  Away. 

CDW.com  •  800.399.4CDW  | 


Are  your  people  limited  in  how  and  where  they  work  with  customers  and  data?  Give  them 
remote  access  and  the  possibilities  for  success  are  endless.  Microsoft®  Exchange  Server  2007 
delivers  unified  messaging  with  advanced  security  to  everyone,  anywhere.  See  how  greater 
access  drives  global  innovation  at  Orange  Business  Services  at  microsoft.com/exchange 


Business 

Services 
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Susan  Gramm 


EXECUTIVE  COACH 


It  may  seem  as  if  it’s  easy  to  evaluate  the  character  of  others 
based  on  their  behaviors,  but  it  isn’t.  Carl  has  outstanding 
character.  He  bleeds  the  company  colors  and  treats  his  staff 
like  his  kids.  He  isn’t  really  concerned  about  power— he  just 
wants  to  make  a  difference,  do  interesting  work  and  be  rec¬ 
ognized  for  his  efforts.  His  integrity  is  in  question  because  he 
is  hard  to  get  to  know  and  does  much  of  his  thinking  on  his 
own.  He  isn’t  very  approachable  or  skilled  at  working  col- 
laboratively.  When  he  states  opinions,  he  sounds  harsh  and 
judgmental. 

Carl’s  not  the  only  one  getting  a  bad  rap  in  the  character 
department.  We  are  predisposed  to  judge  others  negatively 
in  the  heat  of  the  battle  because  there  is  little  time  to  com¬ 
municate  and  much  to  get  done.  For  those  who  would  lead, 
the  challenge  is  to  adopt  or  emphasize  behaviors  that  allow 
character  to  shine  through.  In  my  experience,  there  are  three 
behaviors  that,  when  demonstrated  consistently,  ensure  that 
a  leader’s  true  colors  are  visible  to  others. 

Break  through  the  negativity.  It’s  easier  to  question,  dis¬ 
sect  and  disregard  than  to  embrace,  enhance  and  support. 
Great  leaders  express  excitement  about  the  future  and  con¬ 
fidence  in  the  abilities  of  others.  I  have  heard  many  CIOs 
talk  in  one  breath  about  alignment  and  in  the  next  disparage 
their  business  partners.  I  have  also  heard  CIOs  interested  in 
improving  internal  collaboration  within  IT  gossip  about  their 
direct  reports  with  others  in  their  department.  If  you  have  a 
dark  side,  take  it  home  and  share  it  with  your  dog. 

Learn  together.  Nothing  says  “It’s  all  about  me”  faster 
than  the  show-and-tell  kind  of  collaboration.  This  occurs 
when  a  leader  analyzes  a  problem  and  makes  decisions  with¬ 
out  feedback  from  those  most  affected  by  the  issue  at  hand. 
Show-and-tell  leadership  is  in  play  when  the  primary  form 
of  collaboration  occurs  in  large  meetings  where  leaders  pitch 
their  ideas  using  PowerPoint  or  when  typical  leadership  lingo 
includes  the  terms  communication  strategy,  buy-in  and  manag¬ 
ing  expectations.  Learning  together  shows  consideration  and 
respect  for  others  and  results  in  better  decisions,  stronger 
commitment  and  more  successful  outcomes. 

Challenge  the  status  quo.  Leaders  who  stay  behind 
their  desks  compromise  the  enterprise’s  long-term  interests. 
Leadership  requires  situational  awareness  and  the  courage  to 
articulate  what  others  are  thinking.  Leaders  who  maintain  a 
distance  from  their  organization  rarely  hear  what  they  need 
to  hear.  Get  real  by  hanging  out  with  your  staff  and  peers, 
asking  questions  and  sharing  your  mistakes,  and  speaking 
up  when  those  around  you  are  losing  their  grip  on  reality. 

Carl  has  adopted  new  behaviors  that  let  his  finer  qualities 
shine  through.  It  hasn’t  been  easy  for  him,  but  as  a  result, 
the  image  that  others  have  of  Carl  is  improving.  By  keeping 
a  few  key  behaviors  in  mind,  we  all  can  better  project  our 
core  values  to  the  benefit  of  our  people,  our  organizations 
and  ourselves. 


Reader  Q&A 

Q:  Your  column  did  not  discuss  accountability.  But  tak¬ 
ing  responsibility  for  your  actions— particularly  mis¬ 
takes— is  never  easy.  How  does  one  overcome  that? 

A:  Interesting  point.  It’s  difficult  to  admit  to  mistakes 
because  we  all  work  to  avoid  the  discomfort  that  comes 
from  doing  so.  We  aim  to  be  in  control.  We  try  to  ignore 
the  little  voice  in  our  heads  that  asks,  “Am  I  good 
enough?”  On  an  organizational  basis,  you  can  encour¬ 
age  others  to  take  responsibility  for  their  actions  by 
admitting  your  own  mistakes  and  sharing  what  you’ve 
learned.  Remind  yourself  that  success  isn’t  the  absence 
of  weaknesses  but  the  presence  of  clear  strengths.  Keep 
in  mind  that  the  inability  to  learn  from  mistakes  has 
derailed  many  careers.  It’s  also  comforting  to  remem¬ 
ber  that  taking  responsibility  for  outcomes,  paradoxi¬ 
cally,  increases  the  perception  of  trustworthiness  and, 
therefore,  character. 

Q:  You  talk  about  character  as  a  prerequisite  for  leader¬ 
ship.  So  why  is  it  that  so  many  “leaders”  fall  short  and 
yet  still  manage  to  rise  to  the  top? 

A:  It’s  true  that  individuals  with  questionable  character 
have  risen  to  the  top  of  many  organizations.  However,  in 
his  book  Good  to  Great,  Jim  Collins  argues  that  companies 
that  prevail  long  term  have  a  leadership  culture  based  on 
humility  and  trust.  Great  companies  have  broad  and  deep 

leadership  teams  of 
talented  peers  who 
are  able  to  confront 
the  brutal  facts, 
engage  in  vigorous 
debate  and  support 
each  other  despite 
differences  of  opinion.  Collins  underscores  that  good  to 
great  companies  place  “greater  weight  on  character  attri¬ 
butes”  than  on  specific  knowledge  or  skills. 

Q:  Carl's  character  sounds  unimpeachable.  Isn’t  his 
problem  a  failure  to  communicate? 

A:  Carl’s  character  is  unimpeachable,  but  his  actions  are 
confusing  to  others  because  he  isn’t  inclusive  in  his  pro¬ 
cess  of  making  decisions.  Leaders  who  think  and  act  alone 
often  fall  victim  to  others  attributing  negative  motives  to 
their  actions.  GEI 


Susan  Cramm  is  founder  and  president  of 
Valuedance,  an  executive  coaching  firm  in 
San  Clemente,  Calif.  You  can  e-mail  feedback 
to  s  usan@valuedance.com. 


Have  a  Leadership  Question? 


For  more  reader  QUESTIONS  and 
answers  from  SUSAN  CRAMM,  go 
online  to  www.cio.com/leadership. 
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BT  brings  it  all  together: 

•  Network  Convergence 

•  Security  Services 

•  Mobility  Solutions 

•  IP  Contact  Centres 

•  Service-Oriented 
Infrastructures 

On  a  global  scale. 


Hackers  don’t  sign 
in  at  reception. 

Security  used  to  be  about  the  perimeter. 

Now  it’s  about  protecting  yourself  wherever  you 
do  business. 

BT  delivers  security  as  an  innovative  range  of 
consulting  and  managed  services  that  improve 
your  defences  while  controlling  costs. 

Our  security  experts  have  helped  design,  secure 
and  manage  some  of  the  world’s  most  complex, 
critical  infrastructures.  Because  in  the  digital 
networked  economy,  security  is  a  network  issue. 

Talk  to  us. 

www.bt.com/networked 

BT^ 

Bringing  it  all  together 


■I  Kenneth  G.  Brill  THINK  TANK 


Rising  energy  costs  are  short-circuiting  performance  gains  from  faster,  cheaper  servers. 
Fortunately,  there  are  steps  you  can  take  to  keep  your  costs  in  line. 


erver  prices  are  dropping,  performance  is  increas¬ 
ing,  and  IT  is  consuming  less  space.  So  why  is  total 
cost  of  ownership  headed  through  the  roof? 

The  problem  lies  deep  within  the  data  center, 
far  beneath  the  radar  of  most  CIOs.  While  everyone  has  been 
focused  on  smaller,  faster  and  cheaper  servers  (and  their  ful¬ 
fillment  of  Moore’s  Law),  almost  no  one  has  been  watching  the 
expenses  associated  with  powering  and  cooling  them.  If  this 
line  item  isn’t  already  screaming  for  your  attention,  it  soon  will 
be.  And  unless  you  address  the  problem  head  on,  no  manner  of 
outsourcing,  staffing  cuts  or  freezing  of  capital  spending  will 
save  your  budget. 

Facilities  and  infrastructure  now  account  for  anywhere 
between  1  percent  and  3  percent  of  IT’s  budget,  according  to  a 
study  done  by  my  organization.  The  Uptime  Institute.  Rising 
energy-related  costs,  including  electricity,  will  push  these  line 
items  up  to  between  5  percent  and  15  percent  in  the  next  few 
years.  That’s  enough  for  the  CEO  and  CFO  to  begin  scrutiniz¬ 
ing  how  the  IT  budget  is  being  spent. 

Chip  makers  AMD,  IBM  and  Intel  are  well  aware  of  this 
problem.  The  dual-core  and  quad-core  processors  they’ve 
introduced  over  the  past  several  months  weren’t  just  a  fluke: 
These  chips  offer  increased  performance  for  less  power,  at 
least  in  some  applications.  Nevertheless,  more  chips  are  being 
packed  into  the  same  space,  so  total  power  consumption  trends 
still  point  relentlessly  upward.  Another  Institute  study  of  real- 
world  data  center  operations  predicts  that  the  purchase  price 
for  a  rack  of  servers  will  drop  from  $138,000  today  to  about 
$103,000  in  2012.  But  the  number  of  watts  required  to  power  a 
full  server  cabinet  will  increase  from  about  15,000  currently  to 
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HIDING  IN  EVERY  PASSWORD  STUCK  TO  A  MONITOR 


Discover  Identity  Management  from  Novell®.  Infrastructure  for  innovation.™ 

It’s  the  infrastructure  that  takes  the  complexity  out  of  identity  management  with  user-provisioning 
and  single  sign-on  access  -  all  while  securing  your  data  and  ensuring  regulatory  compliance  for 
you.  So  you  can  let  the  right  people  in,  keep  the  wrong  people  out,  and  help  everyone  be  more 
productive.  Just  one  more  piece  of  the  Open  Enterprise:  all  the  infrastructure  it  takes  to  innovate. 


Innovate  today  at  www.novell.com/secure 


Novell 

This  Is  Your  Open  Enterprise.’” 


Copyright  ©2007  Novell,  Inc.  All  rights  reserved.  Novell  and  the  Novell  logo  are  registered  trademarks  and  This  Is  Your  Open  Enterprise  and  Infrastructure  for  innovation  are  trademarks  o!  Novell.  Inc.  in  the 
United  States  and  other  countries.  All  other  third-party  trademarks  are  the  property  of  their  respective  owners. 


Kenneth  G.  Brill 


THINK  TANK 


between  22,000  and  170,000  depending  on  power  improve¬ 
ment  assumptions.  As  a  result,  within  five  years,  the  cost  to 
power  and  cool  a  server  cabinet  over  its  three-year  projected 
life  could  rise  from  the  current  $206,000  to  as  much  as  $2.3 
million.  That’s  anywhere  from  300  percent  to  2,250  percent 
of  the  equipment  purchase  price. 

Note  that  this  is  the  price  tag  for  just  one  full  cabinet!  In 
good  times,  rising  profits  can  be  siphoned  off  to  cover  these 
facility  costs.  But  in  bad  times,  don’t  be  surprised  to  find 
the  CFO  scrutinizing  IT  productivity  gains  per  total  dol¬ 
lars  spent.  Will  they  allow  increases  in  IT’s  budget  to  cover 
increasing  facility  costs?  More  likely,  they  will  demand 
cuts  from  somewhere.  Fortunately,  new 
energy  efficiency  research  and  best  prac¬ 
tices  can  help  reduce  costs  until  chip  and 
hardware  manufacturers  can  reverse  the 
current  trends. 


for  fear  that  they  might  affect  mission-critical  operations.  But 
most  of  the  time  they  don’t  even  know  what’s  on  those  servers, 
how  well  they’re  utilized  or  whether  some  functions  could  be 
offloaded  to  other  servers. 

Cooling  Ideas 

Another  recent  study  of  ours  found  that  in  most  computer 
rooms,  cooling  capacity  is  wasted.  Hot  spots  occur  despite  hav¬ 
ing  three  to  22  times  more  cooling  than  the  heat  load  requires. 
In  a  server  closet,  these  hot  spots  waste  a  few  dollars.  In  a 
10,000-square-foot-plus  data  center,  they’re  more  like  a  wide 
open  suitcase  packed  with  thousand-dollar  bills. 


A  New  Look  at  Data  Center  ROI 

Effectively  dealing  with  facility  costs 
requires  a  new  way  of  looking  at  IT  spend¬ 
ing  and  data-center  management. 

Start  with  the  justification  processes  for 
new  applications.  They  must  be  changed 
to  take  energy-related  costs  into  account.  The  TCO  of  a  power- 
hungry  application  covers  more  than  IT  hardware,  software 
and  maintenance  costs.  One  major  financial  institution  didn’t 
consider  facilities  in  its  decision  to  spend  $22  million  on 
blades— and  then  discovered  that  it  needed  an  additional  (and 
unbudgeted)  $54  million  to  install  extra  power  and  cooling 
capacity.  Key  questions  to  consider  include  how  critical  the 
application  is  to  the  enterprise  and  who  is  going  to  foot  the 
total  bill  for  it— including  the  cost  of  power  and  cooling. 

Next,  IT  performance  has  to  be  measured  and  optimized 
against  watts  consumed  in  operation.  Charge-back  formu¬ 
las  traditionally  have  been  based  on  space  (for  example,  cost 
per  square  feet),  but  power  consumption  (watts)  is  the  real 
driver  of  facility  expenses.  Continuing  to  allocate  data  center 
expenses  by  space  perpetuates  decisions  with  invisible  and 
costly  consequences  because  minimizing  space  has  almost  no 
impact  on  actual  data  center  facility  costs. 
_  Finally,  CIOs  need  to 


Better  Data  Center  Management 


Total  power  consumption  trends 
point  relentlessly  upward.  Within 
five  years,  the  cost  to  power  and  cool 
a  server  cabinet  over  its  three-year 
projected  life  could  rise  to  between 
300 percent  and 2,250  percent  of  the 
equipment  purchase  price. 


Read  more  about  IMPROVING  DATA 
CENTER  OPERATIONS  online  at 
www.cio.com/030107. 

cio.com 


take  a  hard  look  at  what  is 
in  their  data  centers.  Deter¬ 
mine  how  much  of  your 
site’s  capacity  (in  terms  of 
space,  power  and  cooling)  is 
being  used,  and  how  close 
you  are  to  running  out.  Recover  capacity  by  consolidation  and 
virtualization.  Simply  turning  off  dead  servers  can  cut  power 
consumption  between  10  percent  and  30  percent.  Most  data 
center  managers  are  afraid  to  pull  the  plug  on  old  systems 


Here  are  two  inexpensive  fixes.  First,  you  can  reduce  cold 
air  loss  by  sealing  the  cable  openings  in  your  raised  floor. 
Up  to  50  percent  of  cold  air  is  wasted  via  this  bypass  air¬ 
flow.  Sealing  just  24  openings  (at  a  cost  of  $100  per  opening) 
will  typically  save  you  from  having  to  buy  another  $30,000 
cooling  unit.  Second,  stop  cooling  units  from  “dueling”  (a 
situation  in  which  one  unit  dehumidifies  the  air  while  adja¬ 
cent  ones  simultaneously  humidify  it).  These  are  the  lowest 
hanging  fruit  in  an  energy  efficiency  tune-up  of  your  data 
center.  Taking  these  steps  provides  you  with  a  possible  sav¬ 
ings  of  up  to  25  percent. 

Moore’s  Law  is  no  longer  a  good  predictor  of  IT  productivity 
because  rising  facility  costs  have  fundamentally  changed  the 
economics  of  running  a  data  center.  Even  if  you  try  to  reduce 
costs  by  outsourcing,  the  outsourcer  will  be  confronted  with 
the  same  changed  economics.  By  rethinking  the  fundamen¬ 
tals  of  how  new  equipment  purchases  are  justified,  by  taking 
increasing  site  costs  into  account  when  choosing  equipment 
and  by  doing  an  energy  tune-up  of  their  data  center,  CIOs  can 
continue  to  reap  the  benefits  of  more  powerful  processors 
without  breaking  the  budget.  (313 


Kenneth  G.  Brill  is  the  founder  and  executive  director 
of  The  Uptime  Institute  ( www.uptimeinstitute.org ), 
which  helps  companies  improve  their  uptime  effec¬ 
tiveness.  He  can  be  reached  at  kgb@uptimeinstitute. 
org.  To  comment  on  this  article,  go  to  the  online 
version  at  www.cio.com/030107. 
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Motion’s  LS800  powered 

by  Intel®  Centrino®  Mobile  Technology. 


Maximize  your  productivity  from  anywhere.  The  LS800  Tablet 
PC  features  Intel®  Centrino®  Mobile  Technology  and  integrated 
high-speed  wireless  connectivity,  so  you  can  be  fully  productive 
in  the  office,  on  the  road  and  everywhere  in  between.  Fill  out 
electronic  forms  using  digital  ink,  take  handwritten  notes  during 
a  meeting  or  access  critical  information  when  and  where  you 
need  it.  No  matter  where  your  work  takes  you,  you’ll  experience 
outstanding  mobile  performance  without  compromise. 


Empower  your  business  with  unlimited  mobility  today. 


1-866-MTABLET 

www.motioncomputing.com 

Contact  your  Motion  Solution  Provider 


MOBILE 

TECHNOLOGY 
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ADVERTISEMENT 


"Data  volumes  are  growing  at 
exponential  rates.  With  these 
vast  stores  of  data,  businesses 
are  seeking  ways  to  turn  data 
into  useful  information  that 
can  be  exploited  for  competi¬ 
tive  advantage.  The  2005 
WinterCorp  TopTen  survey 
results  reveal  significant 
strengths  for  Microsoft  SQL 
Server  in  the  very  large 
database  market  for  both 
data  warehousing  and 
OLTP  systems." 

-  Richard  Winter 

President 

Winter  Corporation 


To  find  out  how  solutions  from 
HP,  Intel  and  Microsoft  can  help 
future-proof  your  company, 

visit  www.futureproofnow.com 


Future-Proof 


The  information  age  is  here. 

But  are  you  ready  for  the  information 
demands  of  tomorrow? 


For  many  companies,  access  to  information  means  everything.  Not  just  market 
and  financial  information,  but  also  customer  buying  trends  and  competitive 
intelligence.  Information  needs  to  be  instantly  available  anytime,  day  or  night. 
Building  an  information  architecture  that  will  meet  today's  demands  and  will 
easily  scale  for  future  needs  requires  a  team  with  experience  building  highly 
advanced  data  center  solutions.  HP,  Intel  and  Microsoft  have  proven  solutions 
that  deliver  enterprise-class  performance  and  reliability  at  lower  cost 
through  the  use  of  the  latest  industry-standard  technology. 


Ten  Terabytes  of  Customer  Data 
And  Growing  -  No  Problem  for 
PREMIER  Bankcard 

For  PREMIER  Bankcard,  Inc.  (PBI),  rapid 
access  to  customer  information  is  vital.  With 
more  than  5  million  customers  and  over  10  tera¬ 
bytes  of  data,  sifting  through  it  all  for  just  the 
right  information  is  no  easy  task.  PBI  is  con¬ 
stantly  adding  customers  and  additional  data  to 
support  analytics,  which  increases  the  size  of  its 
database  by  over  300  gigabytes  each  month.  In 
order  to  design  a  robust  system  that  could  handle 
its  current  data  and  transaction  loads,  and  scale 
well  into  the  future,  PBI  chose  a  solution  from 
HP,  Intel  and  Microsoft. 

PREMIER  Bankcard  needed  a  complete  data 
warehouse  to  conduct  complex  analyses  of  its 
credit  card  customer  base.  PBI  chose  the  HP 
Integrity  rx8620  server  powered  by  16  Intel® 
Itanium®  2  processors,  an  HP  StorageWorks 
EVA5000  SAN  system,  Microsoft®  Windows 
Server™  2003  Datacenter  Edition  and  Microsoft 
SQL  Server1  M  2005. The  deep  analysis  is  completed 
in  layers,  with  over  30  power  users  performing 
elaborate  queries  directly  in  the  data  warehouse 
and  over  2,000  users  running  hundreds  of 
unique  reports  via  SQL  Server  2005  Reporting 
Service.  PBI  is  using  all  aspects  of  Microsoft’s 
Business  Intelligence  offerings  including  SQL 
Server  Integration,  Reporting  and  Analysis 
Services  and  Microsoft  Office  BI  products. 


While  the  single  16-processor  server  provides 
more  than  enough  power  for  PBI’s  current 
needs,  the  opportunity  to  move  to  an  HP 
Integrity  server  in  the  future  with  64  or  more 
multi-core  Itanium  processors  gives  PBI  the 
option  to  scale  to  virtually  any  level.  “This  solu¬ 
tion  is  proving  to  contain  the  perfect  combina¬ 
tion  of  flexibility,  scalability  and  performance 
required  to  support  the  high  growth  rate  that  we 
have  been  enjoying,”  says  Dan  Zerfas,  vice  pres¬ 
ident  of  Software  Development  at  PREMIER 


Bankcard,  Inc. 

A  Major  Transformation  Toward 
Standards-Based  Platforms 

One  reason  PREMIER  Bankcard  has  been  so 
successful  in  building  a  scalable,  yet  affordable, 
database  solution  is  that  it  leveraged  industry- 
standard  components.  Standards-based  computing 


ADVERTISEMENT 


Your  Business 


systems  have  matured  to  the  point  where  they  can  now  handle  the 
most  demanding  enterprise  applications  and  workloads  at  lower  cost 
and  with  greater  flexibility  than  proprietary  RISC  and  mainframe 
systems.  This  fundamental  shift  in  computing  capability  is  helping 
many  of  the  world’s  largest  companies  substantially  reduce  their  total 
costs.  Standards-based  computing  systems  are  also  helping  companies 
to  future -proof  their  data  centers  by  enabling  them  to  easily  scale  up 
or  down  in  response  to  business  needs  and  market  dynamics. 

Enterprise  server  solutions  from  HP,  Intel  and  Microsoft  are  at 
the  center  of  this  transformation.  HP  Integrity  servers  with  dual¬ 
core  64-bit  Intel®  Itanium®  2  processors  and  the  Microsoft® 
Windows  Server  2003  operating  system  not  only  cost  less  than 
traditional  enterprise  systems  —  they  also  deliver  comparable  or 
better  performance,  scalability  and  availability.  They  are  supported 
by  a  larger  community  of  vendors,  and  reduce  life-cycle  costs 
through  simplified  management. 


Standardization  can  also  provide  substantial  benefits  for  users 
who  need  to  access  business  data.  By  using  a  standardized  reporting 
system  based  on  SQL  Server  Reporting  Services,  reports  have  a 
consistent  look  and  feel,  and  users  are  more  productive.  As  a  result, 
PBI  has  reduced  the  time-to-market  of  its  analytic  work  by  more 
than  90%.  A  report  that  took  a  week  to  do  manually  can  now  be 
completed  in  as  little  as  three  hours.  In  addition,  round-the-clock 
system  dependability  means  analysis  is  available  whenever  PBI 
needs  it.  “A  data  warehouse  is  only  as  good  as  the  data  provided  to 
the  end  user,”  says  Zerfas.  “The  reliability  and  performance  of 
Reporting  Services  running  on  an  HP  Integrity  server  allows  our 
users  to  spend  their  time  analyzing  and  managing  information 
instead  of  pulling  data.” 

For  PREMIER  Bankcard,  rapid  data  access  is  everything.  With  the 
help  of  HP,  Intel  and  Microsoft,  the  company  has  built  a  solution  that 
will  carry  it  successfully  into  the  future. 


Future-Proofing  at  Work:  PREMIER  Bankcard,  Inc 


With  more  than  5  million  customers,  PREMIER  Bankcard, 
Inc.  (PBI)  is  one  of  the  leading  credit  card  companies  in  the 
United  States.  PBI  needed  online  transaction  processing 
(OLTP)  and  data  warehouse  solutions  that  could  handle 
over  10  terabytes  of  customer  information  spread  across 
several  databases.  With  its  new  IT  infrastructure  using  an 
ltanium®-based  HP  Integrity  server  running  Microsoft® 
Windows  Server™  2003  and  SQL  Server™  2005,  PBI  is  able 
to  handle  its  current  and  future  data  management  needs. 

"The  technology  in  this  HP/Intel/Microsoft  solution  is 
built  to  grow  with  our  business.  We  don't  have  to  worry 
about  it,"  says  Ron  Van  Zanten,  managing  officer  of 
Business  Intelligence  at  PREMIER  Bankcard,  Inc. 

Challenges 

•  A  system  to  handle  over  10TB  of  data  that  grows 
300GB  per  month 

•  Performance  and  reliability  to  allow  instant,  anytime 
access  to  customer  reports  and  data 

•  A  standards-based  system  to  simplify  management 
and  the  user  experience 


Solution 

•  HP  Integrity  rx8620  server  with  16  Intel®  Itanium®  2 
processors  and  64GB  of  RAM 

•HP  StorageWorks  EVA5000 

•  Microsoft  Windows  Server  2003  Datacenter  Edition 

•  Microsoft  SQL  Server  2005 

Results 

•  Expandable  infrastructure 

•  Stable  environment  with  data  that's  more  accessible 

•  Easier-to-use  database  systems  that  increase 
employee  productivity 

•  Mission-critical  system  availability 

•  90%  faster  production  of  data  reports 

•  64-bit  power  resulting  in  100%  to  800%  increase  in 
performance  for  data  warehouse  queries 

To  find  out  how  to  extend  volume  economics 
to  your  most  mission-critical  computing, 
visit  www.futureproofnow.com 
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Benchmarking  your  outsourcer’s  prices  againstthe 
market  is  the  best  lever  you  have  to  save  money. 
Too  bad  your  outsourcer  may  be  trying  to  stop  you. 

Here’s  how  to  fight  back. 
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When  Darius  Jackson  became 


ING’s  head  of  IT  infrastructure  support 
and  service  delivery  in  January  2005,  his  job 
was  to  clean  up  a  mess.  Two  years  earlier,  the 
financial  services  company  had  outsourced 
its  IT  infrastructure  (hardware,  software, 
help  desk  and  so  on)  to  a  major  service  pro¬ 
vider  in  a  seven-year,  $600  million  deal.  But 
now  the  business  leaders  of  the  company  are 
)rried  that  they  aren’t  getting  the  value 
ey  want  out  of  the  relationship. 


BY  STEPHANIE  OVERBY 


:kson  has  a  crowbar  for  leveraging  more 
lue  out  of  the  deal,  though  he  hasn’t 
ed  it. 

it. 

3  called  the  benchmarking  clause,  a  small 
ragraph  hidden  in  a  vast,  complex  out- 
urcing  contract  that  gives  him  the  right  to 
sess  the  outsourcer’s  prices  using  an  inde- 


::  Ways  that  outsourcers 
are  trying  to  limit  bench¬ 
marking 


::  How  price  benchmark¬ 
ing  saves  you  money 


::  How  to  negotiate  a  good 
benchmarking  clause 


pendent  benchmarking  firm.  If  those  prices 
turn  out  to  be  way  above  the  going  rate,  he 


PHOTO  BY  CHRISTOPHER  HARTING 


www.cio.com  |  MARCH  1.  2007  51 


Cover  Story  |  Outsourcing 


could  bring  his  outsourcer  back  to  the 
negotiating  table.  The  outsourcer  probably 
wouldn’t  be  too  pleased  with  Jackson  should 
he  choose  to  exercise  that  right.  “They  like  to 
look  at  the  relationship  as  a  partnership,” 
says  Jackson.  “Their  preference  is  that  you 
come  and  talk  to  them  about  issues  and 
concerns  and  try  to  work  through  them  as 
opposed  to  looking  under  the  covers.” 

Still,  Jackson  admits,  “having  [the 
benchmarking]  option  is  invaluable.” 

But  what  Jackson  and  other  IT  lead¬ 
ers  may  not  know  is  that  the  power  of  the 
benchmarking  clause,  which  is  hidden 
inside  most  outsourcing  agreements  today, 
has  diminished  and  the  practice  of  price 
benchmarking  is  in  danger  of  disappearing 
altogether.  “Suppliers  have  scant  enthusi¬ 
asm  for  benchmarking,  which  shaves  their 
margins  and  tends  to  be  invoked  just  as 
their  contracts  start  to  become  profitable,” 
says  George  Kimball,  a  partner  with  law 
firm  Baker  &  McKenzie  who  represents 
outsourcing  customers.  Not  surprisingly, 
benchmarking  clauses  are  among  the  most 
contentious  and  negotiated  terms  in  an 
outsourcing  contract,  says  Kimball. 

In  fact,  the  major  IT  service  providers 
have  launched  an  all-out  assault  on  bench¬ 
marking,  fighting  to  turn  it  to  their  advan¬ 
tage.  “[They  are  restricting]  what  you  can 
benchmark,  how  often  you  can  benchmark 
and  the  amount  the  benchmark  can  reduce 
the  price  of  services,”  says  Mark  Robinson, 
executive  director  of  advisory  services 
sourcing  consultancy  EquaTerra. 

Other  experts  say  the  big  outsourcers 
are  looking  to  avoid  the  process  altogether. 
“They  want  to  stonewall  it,”  says  Howard 
Rubin,  a  senior  adviser  to  research  com¬ 
pany  Gartner. 

All  of  the  major  providers  we  spoke  to 
for  this  story— EDS,  Hewlett-Packard  and 
IBM— deny  that  they  are  out  to  kill  bench¬ 
marking.  However,  all  express  frustration 
with  the  current  state  of  the  practice  and 
all  are  trying  to  change  it— to  their  ben¬ 
efit.  “Benchmarking  isn’t  ever  going  to  go 
away,  but  I  think  it  will  change,”  says  Jon 
Stewart,  VP  of  market  management  for 
Electronic  Data  Systems  (EDS).  “I  think 
we  need,  first  and  foremost,  more  cred¬ 
ible  [benchmarking  firms].  There’s  not  a 
lot  of  players  in  that  space.  Second,  there 


The  Sanity  Clause 

Benchmarking  works  best  when  it’s  used  to  ensure 
competitive  pricing  over  the  term  of  a  contract,  not  as  a 
device  to  wring  every  last  cent  out  of  an  outsourcer. 

“Outsourcing  is  a  constant  barter,”  says  Daniel  Masur,  who  represents 
outsourcing  customers  at  Mayer,  Brown,  Rowe  &  Maw.  That  applies  to 
the  benchmarking  of  outsourcing  too.  Expect  a  lot  of  back  and  forth 
with  the  vendor  on  everything  from  the  language  of  the  benchmarking 
clause  to  the  benchmarking  process  and  what  you  do  with  the  results. 
Here  are  some  best  practices. 


Negotiating 
the  Clause 

COSTS:  Customers  may  prefer 
to  pay  for  benchmarking,  giving 
them  greater  control  over  the  pro¬ 
cess.  Suppliers  may  propose  shar¬ 
ing  expenses,  which  could  ensure 
more  cooperation  from  the 
outsourcer  and  greater  perceived 
objectivity  on  the  part  of  the 
benchmarker.  Keep  in  mind,  how¬ 
ever,  that  outsourcers  will  proba¬ 
bly  find  a  way  to  recover  their  part 
of  the  benchmarking  costs  in  the 
contract  agreement— there  are  no 
bargains  in  benchmarking. 

TIMING:  Ideally,  you  should  con¬ 
duct  benchmarking  every  year. 
Reject  language  that  limits  it  to 
less  than  that  or  pushes  bench¬ 
marking  out  beyond  the  first  year. 

SAMPLE  SIZE:  Vendors  may  try  to 
make  the  process  more  difficult 
or  expensive  either  by  demand¬ 
ing  that  you  benchmark  against 
a  larger-than-normal  number  of 
peers  or  by  stipulating  an  overly 
complicated  process  for  peer 
selection.  Benchmarkers  say  you 
usually  need  only  a  handful  of  peer 
companies  for  a  successful  result. 

RESULTS:  Suppliers  are  usually 
reluctant  to  agree  to  automatically 
match  market  rates  determined 
by  a  benchmarker— especially  if 
there  are  stringent  service  quality 
requirements  elsewhere  in  the 
contract.  They're  unlikely  to  agree 


to  match  the  bottom  10  percent 
of  pricing,  but  may  agree  to  the 
lowest  quartile  or  third— though 
they  may  ask  to  cap  the  total  cost 
reduction  amount. 

Managingthe  Process 

BUDGET  AND  PLAN:  Include  the 
estimated  cost  of  a  benchmark  in 
your  outsourcing  business  case. 
And  start  planning  the  bench¬ 
marking  process  at  least  four 
months  ahead  of  time. 

DO  IT  EARLY  AND  OFTEN:  Most 
customers  never  invoke  their 
benchmarking  clause  until  year 
two  or  three  of  the  contract,  and 
then  only  when  the  outsourcing 
relationship  is  already  on  the 
rocks.  That’s  a  mistake.  “The 
process  is  most  likely  to  be  suc¬ 
cessful— and  least  likely  to  bruise 
working  relationships— when  con¬ 
ducted  as  part  of  a  periodic  review 
or  recalibration  of  the  entire  rela¬ 
tionship,”  says  George  Kimball, 
partner  with  Baker  &  McKenzie. 

FOCUS:  Campbell  Soup  CIO 
Doreen  Wright  sees  little  value  in 
benchmarking  every  service  IBM 
provides  in  her  huge  outsourcing 
deal.  Rather,  each  year  she  and  her 
team  identify  areas  of  growth  or 
change  where  it's  likely  that  prices 
or  service  levels  will  need  adjust¬ 
ing.  For  example,  last  year  Camp¬ 
bell  benchmarked  server  hosting 
after  moving  to  a  new  virtual  server 
environment  with  IBM.  -S.O. 
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Xerox  Global  Services  professionals  can  transform  your 
firm’s  document  processes  to  create  revenue  while  driving  up 
productivity.  Result?  Improved  top  and  bottom  lines. 

There’s  a  new  way  to  look  at  it. 


Organizations  waste  millions  on  managing  the  flow  of 
documents  from  digital  to  paper  and  back  again.  Xerox 
Global  Services  professionals  create  efficiencies  by 
streamlining  those  processes,  upgrading  document 
technologies  and  finding  better  ways  for  people  and 
their  resources  to  work  together.  For  example,  our 
document  assessments  examine  workflow  and  technology 


xerox.com/millions 

1-800-ASK-XEROX 


compatibility  across  your  enterprise.  Once  our  analysis 
is  done,  we  offer  a  comprehensive  range  of  document 
services  and  outsourcing  to  optimize  your  assets  and  improve 
business  performance.  Our  methods  have  helped  Owens 
Corning,  InterContinental  Hotels  Group  (1HG)  and  others 
realize  millions.  For  a  complete  portfolio  of  our  services 
and  case  studies,  visit  us  today  at  xerox.com/millions. 

XEROX. 
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Doreen  Wright,  CIO 

of  Campbell  Soup, 
benchmarks  annually 
and  says  that  bench¬ 
marking  improves  her 
relationship  with  her 
outsourcer. 


needs  to  be  some  recognition  of  what  you 
can  realistically  expect  from  a  benchmark. 
The  old  mind-set  is,  ‘Ah,  I’ll  go  to  a  bench- 
marker  and  they  will  have  a  robust  view  of 
the  market.’  They  don’t.” 

If  the  power  of  the  benchmarking  clause 
diminishes,  CIOs  will  concede  one  of  the  only 
tools  for  controlling  the  cost  of  outsourced 
services.  The  risk  with  any  outsourcing 
contract  is  that  you  end  up  paying  through 
the  nose  for  services  that  should  be  getting 
cheaper,  particularly  in  the  infrastructure 
area,  where  prices  for  hardware  are  drop¬ 
ping  constantly.  “If  you  leave  it  up  to  the  ven¬ 
dor,  there  won’t  be  any  benchmarking.  Your 
next  shot  to  adjust  prices  is  when  the  deal’s 
up,”  says  Robert  Finkel,  partner  with  law 
firm  Milbank,  Tweed,  Hadley  &  McCloy. 

The  Birth  of  the 
Benchmarking  Clause 

The  benchmarking  clause  dates  back  to 
the  mid-’90s,  when  the  number  of  mega¬ 


outsourcing  deals  began  to  explode,  along 
with  the  lengths  of  the  agreements.  Signing 
a  10-year  deal  with  a  multibillion-dollar 
price  tag  was  a  big  risk— one  that  custom¬ 
ers  wanted  to  mitigate. 

In  the  beginning,  says  Kimball,  bench¬ 
marking  clauses  were  kinder  and  gen¬ 
tler-designed  only  to  bring  outsourcer 
and  customer  together  to  confer  diplomati¬ 
cally  if  prices  seemed  higher  than  market 
averages.  But  as  the  decade  drew  near  a 
close,  CIOs  and  their  business  colleagues 
got  nervous.  They  wanted  some  assurance 
that  increasing  competition  among  the 
outsourcers  and  constantly  dropping  costs 
of  computing  power  would  be  reflected  in 
what  they  were  paying.  Outsourcing  con¬ 
sultants  and  external  counsel  were  only  too 
happy  to  oblige.  Midwifed  by  such  advis¬ 
ers,  new  benchmarking  clauses  emerged. 
With  teeth. 

The  clauses  not  only  enabled  periodic 
benchmarking,  they  forced  a  remedy. 


Should  charges  fail  to  fall  within  the  bot¬ 
tom  10  percent  of  the  market,  the  supplier 
had  to  lower  its  prices.  Some  more  aggres¬ 
sive  clauses  even  required  retroactive 
reductions.  “They  were  planned  to  be 
punitive  to  the  providers,”  says  Rubin. 

In  the  vendor  feeding  frenzy  of  the  time, 
outsourcers  signed  these  customer-centric 
provisions  left  and  right.  “Back  then,  it  was 
all  green  pastures  and  room  enough  for 
everyone.  Outsourcers  just  chased  deals,” 
says  Stewart.  “There  wasn’t  a  lot  of  think¬ 
ing  about  how  the  market  might  change  in 
the  future.” 

A  few  years  later,  however,  when  some 
large  customers  began  to  flex  their  bench¬ 
marking  muscles,  outsourcers  felt  the  pain. 
In  one  of  the  most  extreme  cases  in  2002, 
Britain’s  Cable  &  Wireless  sued  IBM  for 
more  than  $200  million  for  price  gouging 
after  a  disputed  benchmark.  IBM  counter- 
sued  and  brought  Cable  and  Wireless’s 
benchmarking  company,  Compass,  into 
the  lawsuit.  They  ultimately  settled  out 
of  court.  The  outsourcers  suddenly  woke 
up,  as  if  from  a  nightmare.  “They  started  to 
say,  What  the  hell  have  we  agreed  to?”  says 
Geraldine  Fox,  global  sourcing  practice 
lead  for  Compass.  “The  price  standard  they 
were  being  held  to— the  lowest  decile— was 
ridiculously  strict.” 

Why  Vendors  Hate  It 

Attribute  the  sharpness  of  the  bite  to  the 
emergence  of  benchmarking  companies 
around  1998.  Benchmarkers  had  been 
evaluating  IT  shops’  internal  operations 
since  the  late  ’80s,  but  when  the  out¬ 
sourcing  boom  hit  they  came  up  with  an 
enticing  pitch  for  CIOs:  Let  us  invoke  the 
benchmarking  clause,  and  we  guarantee  to 
cut  your  prices.  With  benchmarks  costing 
anywhere  from  $100,000  to  a  million  dol¬ 
lars,  depending  upon  scope,  it  was  hard  for 
benchmarking  firms  to  seal  the  deal  with¬ 
out  pledging  to  get  at  least  some  of  that 
money  back.  But  that  promise  poisoned 
their  objectivity,  some  say.  “When  you  say 
we  guarantee  to  save  you  20  percent,  you’re 
not  really  being  objective,”  says  Adam 
Strichman,  senior  partner  at  research  and 
benchmarking  company  Nautilus  Advi¬ 
sors  and  former  director  of  outsourcing 
strategies  at  Meta  Group. 
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The  outsourcers  screamed  foul.  The 
whole  benchmarking  process,  they  con¬ 
tended,  was  a  crock:  Service  provider  cost 
models  are  complicated;  there  are  financial 
and  operational  dependencies  among  dif¬ 
ferent  services;  outsourced  services  are 
rarely  commodities  but  rather  are  sold  in 
varying  combinations  upon  a  wide  array 
of  terms.  For  example,  the  price  for  main¬ 
frame  services  can  vary  by  plus  or  minus 
40  percent,  says  Stewart  of  EDS,  depend¬ 
ing  on  what  software  is  running  on  the 
machines.  “You  have  to  understand  the 
client  environment,  service  levels  and  the 
financial  assumptions  that  went  into  the 
deal  to  come  up  with  an  accurate  bench¬ 
mark,”  he  says.  “And  benchmarkers  don’t 
know  the  deal  specifics.” 

Furthermore,  say  the  outsourcers,  the 
benchmarkers’  attempts  to  account  for 


the  variations  among  companies— what  is 
euphemistically  known  as  “normalization” 
in  the  industry— isn’t  an  adequate  substi¬ 
tute  for  real  numbers  and  knowledge.  “The 
vendors  complain  benchmarking  is  more 
art  than  science,”  says  Robinson  of  Equa- 
Terra.  “And  a  black  art  at  that.” 

The  Benchmarking 
Business 

Benchmarkers,  whose  overall  market  now 
exceeds  $200  million  per  year,  according 
to  one  industry  analyst  who  asked  not  to 
be  named,  concede  some  of  these  points. 
“There  is  an  art  to  it,”  admits  Strichman. 
“Benchmarking  is  far  more  than  statistical 
analysis  and  number-crunching.”  Bench- 
markers  say  that  over  the  years  they  have 
refined  their  processes  to  reconcile  unlike 
data  and  adjust  for  differences  such  as  the 


Is  IBM  trying  to  kill  benchmarking  by  patenting  it? 

That  IBM  has  filed  a  patent  is  hardly  ever  news.  Big  Blue  filed  3,651  patents 
last  year,  making  it  the  U.S.  patent  winner  for  the  14th  year  in  a  row. 

But  an  application  filed  with  the  U.S.  Patent  Office  in  2003  by  two  members 
of  the  IBM  Global  Services  benchmarking  team  has  caught  the  attention  of 
some  in  the  industry.  The  patent  is  for  “a  process  and  computer  program  prod¬ 
uct  for  adjusting  a  price  derived  from  a  benchmark  computer  service  model  to 
a  price  of  a  computer  service  contract,  or  vice  versa."  In  other  words,  they  are 
trying  to  patent  the  benchmarking  process  itself,  observes  Adam  Strichman, 
senior  partner  at  research  and  benchmarking  company  Nautilus  Advisors. 

“it's  like  trying  to  patent  breathing,”  he  says. 

Indeed,  the  patent  is  so  broad  that,  if  granted,  it  could  give  IBM  the  power 
to  sue  benchmarkers  whenever  they  do  their  work,  say  analysts.  "If  IBM 
wanted  to  shut  down  the  benchmarkers,  it  could  easily  put  $10  million  in  a 
pot  for  legal  expenses  and  shut  them  all  down,”  says  David  Perara,  director 
of  IT  indicators  and  metrics  for  research  company  Government  Insights. 

Alan  Yamamoto,  who  led  IBM’s  global  benchmarking  team  until  recently, 
says  everyone’s  making  too  much  of  the  application.  “IBM  personnel  are 
encouraged  to  file  for  patents  when  they  invent  stuff,"  says  Yamamoto,  to 
whom  the  patent  applicants  reported.  “We  developed  some  processes  that 
were  innovative  and  merited  invention  status.”  He  denies  that  the  patent 
is  designed  to  kill  or  take  over  the  industry.  IBM’s  process  is  different  from 
other  benchmarkers’,  he  says.  “There  are  no  standards  in  this  industry,”  says 
Yamamoto.  “There’s  not  [only]  one  way  of  skinning  this  cat."  -S.0. 


client  environment  and  service  levels. 

But  while  benchmarking  may  require 
some  apples-to-oranges  comparisons  and 
fact-finding  to  adjust  for  different  environ¬ 
ments,  it’s  the  only  method  currently  avail¬ 
able  for  CIOs  to  ensure  the  competitiveness 
of  the  prices  they’re  paying.  “There’s  value 
in  the  benchmarking  clause.  It  gives  a  cus¬ 
tomer  security  when  signing  a  long-term 
contract  with  a  single  provider,”  says  Neil 
Barton,  Hewlett-Packard  Services’  bench¬ 
marking  manager  for  Europe. 

And  while  outsourcers  complain  that 
the  benchmarkers’  numbers  don’t  add 
up,  they  are  loath  to  admit  that  their  own 
numbers  don’t  add  up  either.  Service  pro¬ 
viders  typically  grant  customers  a  great 
price  on  IT  services  on  day  one  but  back- 
load  their  costs  to  recover  initial  invest¬ 
ments  later  on.  Compass  reports  seeing 
year-one  savings  of  as  much  as  18  percent 
(usually  10  percent  to  15  percent)  turn  into 
costs  in  excess  of  23  percent  above  market 
rate  by  year  three  and  more  than  35  per¬ 
cent  in  longer  deals.  Outsourcers  aren’t 
likely  to  open  up  their  books  and  show 
you  how  they’ve  arrived  at  your  charges, 
so  benchmarking  is  an  important  tool. 
“Whatever  its  limitations,”  says  Kimball, 
“benchmarking  can  be  an  effective  cata¬ 
lyst  for  renegotiations  that  raise  service 
levels  and  reduce  charges.” 

The  Vendors 
Strike  Back 

A  few  years  ago,  major  outsourcers  began 
taking  active  steps  to  restrict  benchmark¬ 
ing.  They  created  dedicated  teams  to  ana¬ 
lyze  costs  and  negotiate  benchmarking 
clauses  to  their  advantage.  “What  was 
once  just  grumbling  turned  into  orga¬ 
nized  grumbling,”  says  Strichman.  “Now 
every  major  service  provider  has  a  group 
that  manages  the  process.”  These  groups 
are  charged  with  analyzing  internal  intel¬ 
ligence;  benchmarking  to  calibrate  their 
pricing  models  (the  outsourcers  use  the 
benchmarkers’  services  too);  and  manag¬ 
ing  the  process  when  a  customer  decides 
to  invoke  its  benchmarking  right. 

Alan  Yamamoto  set  up  such  a  group  at 
IBM  five  years  ago.  True  to  Big  Blue  form, 
the  company  has  filed  a  patent  in  this  area 
(see  “Patent  (Fight)  Pending,”  this  page). 
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Meanwhile,  IBM’s  arch  rival,  HP,  has 
created  a  team,  as  has  EDS.  “[Vendors] 
definitely  have  gotten  more  vigorous  in 
protecting  their  interests,”  says  Stuart 
Harris,  a  partner  with  outsourcing  con¬ 
sultancy  TPI.  “I  can’t  say  they’re  system¬ 
atically  obstructive,  but  some  of  their 
clients  might.” 

One  of  the  tactics  these  teams  use  is 
to  make  a  benchmarking  clause  so  spe¬ 
cific  in  its  requirements  that  it  becomes 
too  difficult  or  expensive  to  invoke— for 
example,  requiring  too  many  peers  in  the 
benchmarking  group  (five  is  generally 
plenty,  say  benchmarking  companies). 
Other  terms  the  outsourcers  may  seek 
include  negotiating  a  detailed  limit  on 
how  soon  or  how  often  the  customer  can 
benchmark,  the  opportunity  to  review 
and  negotiate  draft  findings,  and  caps 
on  mandatory  reductions  in  charges, 
among  others. 

Shutting  Off 
the  Data 

But  perhaps  the  most  obstructive  effort 
by  outsourcers  so  far  is  their  attempt 
to  stymie  benchmarker  data  gather¬ 
ing.  In  order  to  build  their  market  cost 
estimates,  benchmarkers  need  to  pool 
data  from  many  different  outsourcing 
customers.  Since  the  beginning  of  the 
benchmarking  era,  outsourcers  have 
allowed  benchmarkers  to  reuse  the  data 
they  gather  during  their  benchmarking 
engagements  as  long  as  they  agree  not  to 
reveal  customer  names. 

Yet  within  the  past  year  and  a  half, 
vendors  have  begun  asking  benchmark¬ 
ers  to  sign  a  legally  binding  document 
promising  that  they  will  not  reuse  the 
data  they  gather  from  the  outsourc¬ 
er’s  customers,  thereby  preventing 
the  benchmarkers  from  making  com¬ 
parisons  across  companies— the  very 
essence  of  what  they  do  and  the  foun¬ 
dation  for  the  service  they  provide  their 
customers.  Indeed,  some  providers, 
such  as  IBM  and  EDS,  have  banned  data 
reuse— with  rare  exceptions  for  particu¬ 
larly  large  and  determined  customers. 
This  is  despite  the  fact  that  most  service 
providers  use  third-party  benchmark¬ 
ers  themselves  to  construct  and  main¬ 


tain  competitive  deals.  “If  one  believes 
in  the  reuse  of  pricing  data,  you  have 
some  obligation  to  permit  that  to  hap¬ 
pen,”  says  HP’s  Barton,  noting  that  HP 
employs  the  services  of  benchmarking 
companies  Compass,  Gartner  and  Ger¬ 
many-based  Maturity  Consulting.  HP 
is  in  the  process  of  “reviewing”  its  data 
reuse  policy,  he  says. 

EDS’s  Stewart  sees  the  contradiction: 
He  complains  that  the  benchmarkers 
lack  sufficient  data  to  make  good  pric¬ 
ing  estimates,  and  now  he’s  exacerbat¬ 
ing  the  problem.  He  doesn’t  much  care. 
“The  reality  is  I  have  better  data  than  the 
benchmarkers  do,”  Stewart  says.  “We 
participated  in  9,000  deals  last  year.  We 
have  much  more  robust  information.  We 


don’t  need  [benchmarkers]  to  define  our 
view  of  the  market.” 

But  CIOs  do.  And  the  trouble  is,  many 
of  them  buy  the  outsourcers’  pitch  that 
by  preventing  reuse  of  data,  they  are  sim¬ 
ply  trying  to  protect  customers’  privacy. 
“The  client  will  say,  ‘That  sounds  scary. 
Thanks  for  bringing  it  up,”’  says  Nautilus 
Advisors’  Strichman.  “They  don’t  see  the 
agenda  underneath.”  If  every  customer 
agreed  to  such  restrictions,  price  bench¬ 
marking  would  cease  to  exist. 

Meanwhile,  consolidation  has  left  just  a 
handful  of  big,  full-service  outsourcers— 
all  with  tremendous  power  in  the  market¬ 
place.  IBM,  for  example,  has  the  biggest 
market  share  of  any  outsourcing  com¬ 
pany,  more  than  double  that  of  its  nearest 


Kim  Weatherford, 

an  IT  director  for 
Texas,  says  that 
anyCIOcan-and 
must— negotiate  a 
strong  price  bench¬ 
marking  clause 
with  outsourcers. 
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•  WHAT  IS  SYSTEM  CENTER? 

Microsoft'  System  Center  is  a  family  of  IT 
management  solutions  designed  to  help  you  manage 
your  mission-critical  enterprise  systems  and 
applications.  The  System  Center  family  includes 
established  management  products  such  as  Systems 
Management  Server  (SMS)  and  Operations 
Manager,  plus  an  array  of  other  products  to  help 
9  you  manage  your  mission-critical  enterprise 
infrastructure  for  maximum  reliability, 
integration,  and  scalability. 


MANAGE  FOR  RELIABILITY. 

When  it  comes  to  delivering  critical  services  to 
your  business,  maintaining  a  reliable  IT  infra¬ 
structure  is  paramount.  Microsoft  System  Center 
solutions  help  you  increase  reliability  with  smart 
infrastructure  management.  For  example, 
Microsoft  System  Center  solutions  capture  and 
aggregate  knowledge  about  your  infrastructure, 
policies,  processes,  and  best  practices  so  you  can 
automate  operations,  proactively  manage 
change,  improve  application  availability, 
and  enhance  service  delivery. 
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MANAGE  FOR  INTEGRATION. 

Microsoft  System  Center  solutions  work  with  your 
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1  existing  IT  environment,  and  interoperate  with 
the  management  tools  you  already  have,  to  give 
you  better  control.  In  addition,  System  Center's 
capabilities  can  be  extended  to  manage  third- 
party  infrastructure  and  applications  such  as 
SAP,  Oracle,  Apache,  Linux,  and  others. 
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MANAGE  FOR  SCALABILITY. 

As  your  business  grows,  your  infrastructure 
grows,  too.  System  Center  solutions  are 
designed  to  handle  that  growth  and  manage 
even  the  largest-scale  environments,  up  to  tens 
of  thousands  of  servers  and  hundreds  of 
thousands  of  PCs. 
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HOW  DELL  IS  MANAGING  BIG. 

Dell,™  the  world's  largest  seller  of  computer  systems, 
is  using  System  Center  solutions  to  manage 
Dell.com.  According  to  Takis  Petropoulos,  Dell's 
Senior  IT  Systems  Engineer,  "More  than  half  of 
Dell's  $57  billion  in  annual  sales  come  through 
Dell.com.  Dell  relies  on  System  Center  solutions 
to  keep  our  global  e-commerce  presence  and 
other  mission-critical  systems  up  and 
running,  24x7."  “  * 
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HOW  HSBC  IS  MANAGING  BIG. 

HSBC,  one  of  the  largest  banking  and  financial 
services  organizations  in  the  world,  is  using 
System  Center  solutions  to  manage  a  very  big 
environment:  "With  225,000  users  in  a  single 
directory  forest,  it  simply  can't  fail.  System  Center 
helps  us  manage  Active  Directory  with 
mainframe-like  discipline,  and  is  the  reason 
that  we  can  sleep  at  night, "said  Matthew  O'Neill, 
HSBC's  Group  Head  of  Distributed  Systems. 


For  more  System  Center  case  studies, 
visit  DesignedForBig.com 


Microsoft 


System  Center 
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rival,  EDS.  The  two  companies’  combined 
market  share  is  more  than  their  four  next 
nearest  rivals  combined,  according  to 
Gartner.  Other  major  providers  may  ban 
the  reuse  of  data  now  that  the  two  biggest 
players  have  started  moving  in  that  direc¬ 


tion.  If  CIOs  don’t  want  the  benchmarking 
clause  to  go  away,  they  will  need  to  take  a 
more  active  role  in  negotiations. 

Don’t  Mess 
with  Texas 

Keeping  benchmarking  alive  was  top  of 
mind  for  leaders  at  the  Texas  Department 
of  Information  Resources  (DIR)  before 
they  signed  a  seven-year,  $863  million 
data  center  services  contract  with  IBM 
in  November  2006.  “Benchmarking  was 
a  hot  issue  for  us.  Our  belief  was  that  it 
would  allow  us  to  have  the  best  insight 
into  how  our  deal  compares  to  market 
pricing,”  explains  Kim  Weatherford, 
director  of  statewide  technology  opera¬ 
tions.  “Over  time,  technology  [improve¬ 
ments  are]  going  to  drive  down  rates  for 
various  [services],  and  we  want  those 
rate  reductions,”  he  adds. 

During  the  state-mandated  bidding 
process,  Weatherford  noticed  that  all  the 
vendors  seemed  allergic  to  the  concept. 
Indeed,  while  most  issues  were  resolved 
before  final  negotiations  with  the  winner, 
IBM,  benchmarking  was  not  resolved 
until  the  final  days  of  negotiations.  “IBM 
had  experienced  problems  with  [bench¬ 
marking],”  says  Weatherford,  “but  we 
worked  hard  to  get  language  in  there  that 
allows  us  to  do  it  regularly.” 

Initially,  Texas  went  old  school  on  the 
clause,  seeking  automatic  rate  reductions 
for  charges  that  did  not  fall  in  the  lowest 
10  percent  of  market  pricing.  IBM  pushed 
back  and  raised  it  to  the  lowest  quartile. 
IBM  also  demanded  a  cap  on  annual  pric¬ 
ing  adjustments:  no  more  than  5  percent 


in  discounts  in  years  two  through  four 
and  no  more  than  7  percent  in  years  five 
through  seven.  The  clause  allows  the  state 
to  benchmark  annually  and  even  includes 
language  that  compels  IBM  to  waive  its 
ban  on  data  reuse. 


Weatherford  admits  that  the  dollar 
value  of  the  state’s  contract  went  a  long 
way  toward  getting  a  more  balanced 
benchmarking  clause.  But  any  determined 
customer  can  and  should  secure  similar 
benchmarking  rights,  he  insists.  “You 
really  have  to  know  what  you  want  and 
what  outcomes  you’re  willing  to  live  with, 
and  put  that  on  the  table,”  says  Weatherford. 
“The  outsourcer  will  figure  out  a  way  to 
give  it  to  you;  it’s  just  a  matter  of  money.” 

An  Annual  Affirmation 

Campbell  Soup  Senior  Vice  President 
and  CIO  Doreen  Wright  brings  in  bench- 
markers  once  a  year  to  benchmark  spe¬ 
cific  services  and  technologies  that  have 
been  outsourced  in  her  10-year  deal  with 
IBM.  “In  some  cases,  we  find  we’re  pay¬ 
ing  too  much  and  in  others  too  little,”  she 
says.  The  important  thing,  Wright  says, 
is  that  Campbell  spent  a  full  year  on  the 
latest  contract  renegotiations  with  IBM 
(the  original  deal  dates  back  to  1995)  to  get 
initial  pricing  right,  determine  which  ser- 


Benchmarking  Rules 


For  more  on  the  benchmarking  clause  and 
other  PERFORMANCE  CLAUSES  that  you 
should  include  in  your  outsourcing  con¬ 
tract,  go  to  www.cio. com/030107,  where 
you  can  download  a  white  paper  on  "Rene¬ 
gotiating  Your  Outsourcing  Contract.” 

For  more  on  managing  outsourcing  over 
the  long  haul,  see  our  three-part  series  on 
outsourcing  strategies  and  THE  THREE- 
OR  FOUR-YEAR  ITCH  (find  both  at 
www.cio.com/specialreports/ 
outsourcing_report.html). 

cio.com 


vices  should  remain  with  IBM  rather  than 
come  back  in-house,  and  ensure  bench¬ 
marking  rights  for  the  length  of  the  deal. 

Ironically,  Wright  says  she  insists  on 
benchmarking  because  she  has  a  good 
relationship  with  IBM.  “They’re  an 
extension  of  our  own  team,  and  we  can 
lose  objectivity,”  she  explains.  “So  we 
need  to  bring  in  an  objective  third  party 
who  bases  their  assessment  on  facts.” 

The  issue  of  data  reuse  is  trickier. 
There’s  certain  data  IBM  will  not  allow 
the  customer  to  share  with  the  bench- 
marker,  says  Andy  Croft,  Campbell’s 
vice  president  of  global  services.  “We’re 
not  crazy  about  sharing  corporate  data 
either,”  says  Croft.  “But  we  realize  the 
whole  industry  needs  to  benchmark.” 
And  the  process  itself  is  arduous.  In  fact, 
Wright  had  to  skip  benchmarking  one 
year  because  Campbell  was  rolling  out 
a  new  SAP  system  in  Canada.  Still,  “just 
having  [the  benchmarking  clause]  in 
there  is  healthy  for  the  relationship,”  says 
Croft.  “It  makes  a  lot  of  implicit  things 
explicit.  And  it  eliminates  the  vendor’s 
entitlement  mentality.” 

The  Forecast:  Uncertain 

But  in  the  battle  to  preserve  benchmark¬ 
ing,  Campbell  Soup  and  the  state  of  Texas 
are  likely  exceptions  rather  than  the  rule. 
Benchmarking  is  on  the  ropes.  “Bench¬ 
marking  is  an  arena  in  which  both  buyers 
and  vendors  have  an  opportunity  to  play 
games,”  says  Cynthia  Beath,  professor 
emeritus  at  the  University  of  Texas-Aus- 
tin.  “If  I  were  to  bet  on  the  outcome  of  any 
outsourcing  game,  I’d  put  my  money  on 
the  vendor,  who  plays  more  frequently.” 

Benchmarking  may  be  imperfect,  but 
pricing  in  outsourcing  contracts  is  opaque 
to  CIOs,  who  may  negotiate  only  one  or 
two  of  these  deals  in  a  lifetime.  “No  one 
can  make  heads  or  tails  of  outsourcers’ 
pricing.  CIOs  have  no  idea— is  this  a  good 
price  or  a  bad  price?”  says  Strichman. 

Just  as  benchmarking  is  becoming  less 
of  a  sure  thing,  he  adds,  there’s  “even 
more  need  for  it.”  BE] 


You  can  reach  Senior  Editor  Stephanie  Overby 
at  soverby@cio.com.  To  comment  on  this,  go  to 
the  online  version  at  www.cio.com/030107. 


“Ifyou  leave  itupto  the  vendor,  there  won’t 
beany  benchmarking.  Your  next  shot  to 
adjust  prices  is  when  the  deal’s  up.” 

-Robert  Finkel,  partner,  Milbank,  Tweed,  Hadley  and  McCloy 
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call  for  entries 


NOW  YOU  HAVE  A  VOTE  FOR  THE 


Current 
Hall  of  Fame 
Members 

John  Cross 
David  Evans 
Charles  Feld 
Cinda  Hallman 
Max  D.  Hopper 
Katherine  M.  Hudson 


In  1997,  on  the  occasion  of  CIO’s 
10th  anniversary,  we  created  the  CIO  Hall 
of  Fame,  honoring  12  men  and  women 
we  believed  to  have  been  the  decade’s 
most  influential  CIOs. 

Now,  as  our  20th  anniversary  approaches, 
we’re  askingforyour  help  in  identifying 
20  more  men  and  women  to  honor. 


Donald  R.  Lasher 

Bob  L.  Martin 

DuWayne  J.  Peterson 

Ron  J.  Ponder 

Paul  Strassman 

Patricia  Wallington 

Find  the  profiles  of  these 
men  and  women  at  www 

.cio.com/091597/hall.html 

to  see  what  makes  a 
CIO  Hall  of  Famer. 


Presented  by 


Business 

Technology 

Leadership 


This  spring,  we  will  select  the  20  new 
members,  post  their  names  and 
accomplishments  on  our  site  and  profile 
them  in  our  Oct.  1  20th  anniversary  issue. 

The  accomplishments  of  our  honorees 
will  be  significant  and  far-reaching. 

They  will  illuminate  where  IT  has  been 
and  where  it  is  going. 

Back  in  1997,  we  did  this  without  you. 

Now  your  voices  can  be  heard. 

So  let’s  hearthem! 


Deadline:  May  1, 2007 

You  will  find  our  nomination  form  at  www.cio.com/awards/fame 
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Security 


The  truth  is,  you’re  so  worried  about  your  security  posture 
that  you  don’t  even  want  to  talk  about  it.  You  certainly  don’t 
want  to  talk  to  CIO,  even  anonymously.  But  we  know  (because 
experts  tell  us)  that  compared  with  CIOs  at  large  corporations, 
you  mid-market  CIOs  don’t  have  the  budget,  the  sophisticated  IT 
skills  on  your  staff  or  the  time  to  take  away  from  core  IT  opera¬ 
tions  to  build  better  defenses.  You’re  wide  open,  and  right  now 
you’re  just  hoping  you’ll  get  lucky  enough  to  duck  something 
terrible  coming  at  you  from  an  unknown  direction. 

Increasingly,  the  neighborhood  you  live  and  work  in  has 
become  a  dangerous  place. 

“A  lot  of  attacks  are  being  made  on  the  mid-level  companies 
because  it’s  a  smaller  hill  to  climb,”  says  Robert  Richardson, 
director  of  the  Computer  Security  Institute  in  San  Francisco. 

“That’s  just  a  plain  fact.” 


Big  Scary  Numbers 

There’s  no  doubt  that  the  4,000-plus  mid-market  companies 
in  the  United  States  are  extremely  vulnerable.  About  43  per¬ 
cent  of  mid-market  companies  have  annual  security  budgets 
below  $100,000,  while  about  the  same  proportion  of  large  com¬ 
panies  (40  percent)  have  security  budgets  that  exceed  $1  million, 
according  to  the  2006  “Global  State  of  Information  Security”  sur¬ 
vey  conducted  annually  by  CIO  and  PricewaterhouseCoopers. 
(To  see  all  the  data,  go  to  www.cio.com/09lS06.)  On  top  of  that, 
mid-market  companies  typically  don’t  have  a  security  expert 
on  staff.  Only  about  20  percent  employ  a  CISO  compared  with 
42  percent  of  large  corporations.  Finally,  mid-market  CIOs  don’t 
have  the  tools  to  identify  their  weaknesses.  Fewer  than  a  third 
use  vulnerability  scanning  software  to  find  holes  in  their  sys¬ 
tems,  while  46  percent  of  their  larger  counterparts  do. 


Web  Vulnerabilities 


The  Open  Web  Application  Security  Project  Foundation  makes  a  list  of  the  top  Web 
application  vulnerabilities  and  what  to  do  about  them.  Here  are  five  of  the  most  common. 
For  the  complete  list,  go  to  the  online  version  of  this  story  at  www.cio. com/030107 . 


1.  Unvalidated  inputs 
Definition:  Not  checking 
whether  text  a  user  types  into 
a  field  on  a  website  is  appro¬ 
priate  for  that  field. 

Problem:  Hackers  use  these 
fields  to  type  commands  that 
allow  them  to  scan  for  vulner¬ 
abilities  and  gain  access. 
What  you  can  do:  Validate  that 
each  field  accepts  only  those 
characters  that  are  common 
for  that  field  (such  as  num¬ 
bers  for  a  ZIP  code  field)  and 
are  an  appropriate  length. 

Run  the  inputs  against  a 
small  library  of  ZIP  codes  and 
addresses  to  confirm  that  the 
information  is  valid. 

2.  Broken  access  control 
Definition:  Access  controls 
determine  what  a  user  can 
access  after  logging  in  to  his 


personal  account  and  block 
access  to  other  accounts. 
Problem:  About  half  of  all 
websites  have  serious  access 
problems  because  of  poor 
testing  during  development. 
What  you  can  do:  Test  all  pos¬ 
sible  permutations  of  what  a 
user  may  do  to  try  to  access 
information  that  is  not  his  own. 

3.  Broken  authentication 
and  session  management 
Definition:  After  logging  in  to 
a  website  with  a  user  name 
and  password,  you  receive  a 
cookie  that  works  like  a  hand 
stamp  at  a  night  club,  authen¬ 
ticating  your  identity  as  you 
go  through  the  site. 

Problem:  Sometimes  compa¬ 
nies  will  customize  authentica¬ 
tion,  inadvertently  allowing 
hackers  to  infiltrate  sessions 


and  use  the  ID  cookie  to  access 
the  legitimate  user’s  account. 
What  you  can  do:  Rely  on 
the  built-in  authentication 
schemes  in  the  application; 
use  secured  sockets  layer 
(SSL)  to  encrypt  the  session. 

4.  Cross-site  scripting 
Definition:  When  a  hacker 
sends  commands  embedded 
in  queries  to  a  website. 
Problem:  A  hacker  types 
JavaScript  into  any  text  field, 
such  as  a  change-of-address 
field.  When  a  legitimate  user 
types  information  into  that 
field,  the  JavaScript  is  acti¬ 
vated,  which  allows  the  hacker 
to  take  control  of  the  session 
and  grants  him  all  the  user's 
session  rights,  enabling  him 
to  move  money  or  steal  credit 
card  numbers. 


What  you  can  do:  Make  sure 
every  text  field  will  accept  only 
those  characters  and  length 
of  characters  that  are  suitable 
for  that  field— for  example,  five 
numbers  in  a  ZIP  code  field 
and  five  numbers  only. 

5.  Buffer  overflow 
Definition:  Allows  an  attacker 
to  input  more  information 
than  the  buffer  can  manage. 
Problem:  Attacker  can  take 
control  of  application  server, 
gaining  access  to  all  the  data 
that  the  server  manages 
What  you  can  do:  Move  away 
from  C++  programming 
language,  which  is  most  vul¬ 
nerable,  to  Java  or  .Net  lan¬ 
guages.  If  you  must  use  C++, 
use  static  analysis  tools  to 
find  overflow  vulnerabilities. 

-A.H. 
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Until  recently,  the  security  gap  between  mid-  and  large- 
market  companies  hasn’t  been  an  issue.  The  percentage  of 
mid-market  CIOs  reporting  successful  cyberattacks  last  year 
was  about  the  same  as  the  percentage  of  large  companies.  But 
security  experts  agree  that  the  number  of  cyberattacks  on  mid¬ 
market  companies  began  rising  last  fall  and  continues  to  do  so. 
The  trend  is  clear. 

“Smaller  corporations  are  where  the  problems  are  today,” 
says  Paul  Kocher,  president  of  Cryptography  Research,  a  secu¬ 
rity  services  firm.  “[Attackers]  know  these  companies  don’t  have 
the  budgets  or  expertise  to  have  strong  security.” 

But  you’re  not  helpless. 

We  have  collected  some  secu¬ 
rity  fixes  and  technologies 
that  experts  say  will  harden 
your  systems  without  drain¬ 
ing  your  budget  or  requiring 
you  to  extend  the  day  past 
24  hours.  While  these  fixes 
and  tools  will  not  make  your 
systems  attackproof,  they  can 
make  life  more  difficult  for  the 
cyberscum.  And  that’s  what 
cybersecurity  is  all  about,  says 
Tom  Sullivan,  head  of  e-com- 
merce  risk  for  online  travel  site 
Expedia  and  also  chair  of  the 
Merchant  Risk  Council,  a  non¬ 
profit  group  that  represents 
online  retailers.  Like  crooks 
of  any  stripe,  cyberthieves  are 
looking  for  easy  targets.  If  they 

come  up  against  a  site  that’s  even  marginally  more  difficult  to 
hack  than  others,  in  most  case  they’ll  move  on  to  easier  prey. 

“That  site  may  be  your  competitor.. .or  it  may  be  you,”  Sul¬ 
livan  says. 

“You  hope  it’s  not  you.” 

The  Changing  Threat 

Last  year  was  a  relatively  quiet  one  on  the  security  front.  No 
major  viruses  struck  down  entire  networks,  and  the  percent¬ 
age  of  corporations  hit  by  viruses  has  been  on  a  steady  decline, 
from  95  percent  of  all  U.S.  organizations  reporting  virus  attacks 
in  2001  to  just  65  percent  last  year,  according  to  the  2006  com¬ 
puter  crime  and  security  survey  conducted  annually  by  the 
Computer  Security  Institute  (CSI)  and  the  FBI. 

But  what  that  report  doesn’t  address,  says  Richardson,  who 
oversees  the  report  for  the  CSI,  is  the  changing  nature  of  the 
attacks  and  their  targets.  No  longer  are  attackers  trying  to  bring 
down  large  networks  for  hacker  bragging  rights;  cyberattackers 
are  now  in  it  for  the  money.  “Hackers  and  fraudsters  are  deliber¬ 
ately  staying  under  the  radar  now,”  Richardson  says.  “They’re 
going  undetected  until  they  do  what  they  want  to  do.  And  even 
then,  sometimes  you  don’t  know  until  the  money  is  long  gone.” 


Consequently,  many  attacks  go  unreported. 

“[Survey  respondents]  will  talk  about  getting  hit  by  wide¬ 
spread  viruses,  but  they  won’t  talk  about  how  they  got  com¬ 
pletely  cleaned  out  by  a  targeted  attack,”  says  Richardson. 

It’s  time  to  talk  about  it  before  you’re  a  victim. 

And  here’s  what  you  should  be  talking  about. 

Assess,  Then  Patch 

Cyberthieves  look  for  the  path  of  least  resistance.  That  means 
they’re  looking  for  known  vulnerabilities  in  applications  and 
networks— those  holes  that  have  been  published  online  and  for 

which  vendors  may  or  may 
not  have  provided  patches. 
That’s  why  security  experts 
say  patching  known  vulner¬ 
abilities  is  the  most  effective 
defense  against  cyberattacks, 
reducing  your  risk  by  at  least 
half,  if  not  more,  they  say. 

We  know,  you’ve  heard  this 
before,  ad  nauseam.  But  the 
fact  is,  a  large  portion  of  CIOs 
simply  don’t  do  it.  Fewer  than 
half  of  all  mid-market  CIOs 
say  they  have  deployed  some 
kind  of  patch  management 
tool,  according  to  CIO’s  global 
security  survey.  (CIOs  at  large 
corporations  are  only  slightly 
better,  with  55  percent  saying 
they  have  deployed  a  patch 
management  tool.)  No  won¬ 
der  hackers  continue  to  find  plenty  of  opportunities. 

So  why  not  patch,  and  patch  often?  CIOs  are  not  being  pur¬ 
posely  negligent,  says  Jeff  Williams,  chair  of  the  Open  Web 
Application  Security  Project  (OWASP)  Foundation,  a  nonprofit 
online  community  disseminating  Web  security  best  practices. 
Keeping  up  to  date  on  the  release  of  patches  and  determining 
which  ones  apply  to  your  applications  and  networks  is  a  time- 
consuming  task,  he  says.  In  addition,  applying  the  patch,  testing 
whether  it  affects  the  performance  of  the  application  or  network, 
and  then  deploying  it  enterprisewide  requires  even  more  time 
and  could  slow  your  systems  down. 

Jerry  Maze,  CIO  of  Royal  Food  Service,  a  $60  million  enter¬ 
prise  that  supplies  produce  to  restaurant  chains,  is  typical 
when  it  comes  to  the  mid-market  CIO’s  view  of  patch  manage¬ 
ment.  Maze  doesn’t  follow  a  process  other  than  to  apply  patches 
released  by  Microsoft  and  to  make  sure  his  vendor  applies 
patches  to  the  payroll  system  it  operates.  “I  realize  there  are 
ways  to  make  this  happen  automatically  but  we  have  not  imple¬ 
mented  that,”  Maze  says.  “I’d  like  to,  but  there  are  too  many  other 
pressing  issues  right  now.” 

To  make  patch  management  less  cumbersome,  Williams 
suggests  mid-market  CIOs  keep  up  to  date  on  patches  that  are 


Cybercrooks  are  looking 
for  the  easiest  sites  to 
hit,  says  Tom  Sullivan, 
head  of  e-commerce  risk 
for  online  travel  site 
Expedia.  “That  site  may 
be  your  competitor . . . 


or  it  may  be  you. 


You  hope  it’s  not  you.” 
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specific  to  the  applications  and  systems 
that  provide  access  to  sensitive  infor¬ 
mation.  Firewalls  that  allow  access  to 
systems  and  data  through  a  Web  server 
should  get  more  attention  than,  say, 
those  connected  to  operating  systems. 
To  know  which  applications  and  sys¬ 
tems  are  most  critical,  you  will  have  to 
do  a  risk  assessment  or  a  threat-model¬ 
ing  exercise.  That  means  knowing  your 
business  and  where  the  most  sensitive 
data  is.  Talk  to  business  unit  leaders  to 
learn  where  sensitive  data  is  stored  and 
what  applications  are  used  to  access 
it.  That  list  then  becomes  your  “patch 
watch  list”  and  should  get  a  high  prior¬ 
ity  in  your  weekly  agenda. 

“You  really  have  to  think  about  this, 
but  the  time  is  well  spent,”  Williams 
says.  “Nothing  else  you  do  will  have 
such  a  big  impact  on  security.” 

How  to  Fight  Retail  Fraud 

Patches  may  be  a  good  way  to  fend  off 
hackers.  But  what  happens  when  the 
fraudsters  masquerade  as  legitimate 
customers  to  steal  account  informa¬ 
tion,  credit  card  numbers  or  to  make 
fraudulent  purchases?  For  mid-market 
merchants,  this  is  rapidly  becoming  an 
epidemic.  This  kind  of  fraud  “is  moving 
farther  downstream  to  the  smaller  and 
mid-size  online  merchants,”  says  Sulli¬ 
van.  “It’s  becoming  more  sophisticated 
and  organized.” 

But  how  you  secure  systems  against 
it  doesn’t  have  to  be  sophisticated  or 
costly.  Any  company  that  stores  sen¬ 
sitive  data  can  follow  some  basic  and 
inexpensive  processes  to  scan  for  fraud. 
Here  are  some  steps  security  experts  say 
you  can  take: 

»  Familiarize  yourself  with  buying 
patterns. 

An  unusual  increase  in  your  company’s 
sales  during  a  typically  slow  period 
could  indicate  fraud.  But  make  sure 
you  rule  out  other  causes.  Is  the  spike 
the  result  of  an  advertising  campaign, 
the  purchase  of  keywords  on  Google  or 
some  other  promotion?  “If  not,  I  would 
be  really  nervous  about  the  upswing,” 
Sullivan  says. 


Security  Questions  to  Ask 
Your  Software  Vendor 

Developers  are  more  focused  on  making  software  work 
than  on  making  it  secure.  This  is  not  a  criticism; 

it’s  just  a  fact  of  life. 


Security  Innovation,  a  risk  assessment  consultancy,  provides  questions  you  can 
ask  a  software  vendor  about  its  development  processes.  The  answers  you  get 
will  tell  you  just  how  much  effort  is  put  into  security.  It’s  up  to  you  how  much  risk 
you  want  to  assume. 


Do  you  review 
•  security  at  each 
phase  of  the  software 
development  lifecycle? 
A  good  answer:  Yes,  we 
have  integrated  reviews 
into  our  product  devel¬ 
opment  lifecycle,  from 
requirements  definition 
to  code  development 
and  testing. 

Likelihood  of  getting  this 
answer:  Almost  zero. 
Even  companies  that 
have  created  secure 
development  best  prac¬ 
tices,  like  Microsoft, 
have  implemented  them 
only  on  a  small  portion 
of  their  applications. 

2  What  methodolo- 
•  gies  do  you  use  for 
security  testing  your 
products? 

A  good  answer:  We  have 
adopted  methodologies 
from  a  respected  secu¬ 
rity  consultancy  or  large 
software  vendor. 
Likelihood  of  getting 
this  answer:  Small. 
Although  some  meth¬ 
odologies  are  required 
reading  and  have  been 
adopted  by  companies 
like  Adobe,  McAfee  and 
Symantec,  a  majority 


of  companies  have  yet 
to  adopt  them.  Most 
software  development 
teams  don’t  consider 
security  testing  to  be 
their  responsibility. 

3  Do  third  parties 
•  conduct  security 
assessments  on  your 
products? 

A  good  answer:  Yes,  we 
have  a  pool  of  applica¬ 
tion  security  companies 
we  use  to  conduct  inde¬ 
pendent  assessments 
on  all  of  our  products. 
Likelihood  of  getting 
this  answer:  50  percent. 
This  is  up  from  about 
25  percent  two  years 
ago.  Third-party  secu¬ 
rity  assessments  are 
increasingly  a  manda¬ 
tory  requirement  and 
show  up  in  RFPs  and 
SLAs  for  packaged  and 
on-demand  software. 

Do  you  have 
•  security  squads 
that  attack  your  prod¬ 
ucts  prior  to  release? 

A  good  answer:  Yes,  we 
create  an  internal  red 
team  that  acts  as  mali¬ 
cious  users  and  comple¬ 
ments  third-party 


security  assessments. 
Likelihood  of  getting 
this  answer:  20  percent. 
Though  red  teams  are 
a  growing  trend,  most 
companies  still  lack  the 
internal  expertise  to 
dedicate  staff  to  testing. 

5  Do  you  use  auto- 
•  mated  tools  for 
security  testing  or  code 
review? 

A  good  answer:  Yes,  we 
use  tools  from  this  rep¬ 
utable  vendor  for  code 
review  during  develop¬ 
ment  and  tools  from 
that  reputable  vendor 
for  security  scanning 
our  Web  applications 
after  deployment. 
Likelihood  of  getting 
this  answer:  20  percent. 
Adoption  of  automated 
tools  is  increasing,  but 
an  untrained  engineer 
doesn't  become  better 
because  he  learns  how 
to  use  AutoCAD.  He 
finds  value  in  the  tool 
only  after  he  is  trained 
to  use  it.  -A.H. 


For  10  more  questions  you 
should  be  asking,  go  to  the 
online  version  of  this  article 
at  www.cio.com/030107. 
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Mid-Market 


Security 


»  Know  where  the  majority  of  your  purchases  come  from. 

If  large  orders  are  being  sent  to,  say,  Tulsa  or  Boise  or  other 
places  where  you  rarely,  if  ever,  do  business,  that  could  indicate 
fraud.  Fraudsters  have  advertised  on  Monster.com  and  other 
job  sites  looking  for  people  willing  to  work  from  home,  make 
large  purchases  on  websites  and  then  send  the  goods  to  their 
home  address. 

»  Check  the  quantity  purchased. 

If  most  customers  purchase  one  or  two  of  a  particular  item  and 
you  see  a  single  purchase  for  much  more,  you  may  want  to  check 
out  the  buyer.  Call  the  customer,  and  if  he  declines  to  provide 
information  about  the  bank 


The  Enemy  Within 

Employees  account  for  about  90  percent  of  all  fraud  and  data 
theft  in  a  company,  according  to  a  recent  Ponemon  Institute  sur¬ 
vey.  Two-thirds  of  the  survey’s  respondents  also  cited  temporary 
employees,  as  well  as  disgruntled  and  terminated  employees,  as 


The  Scoop  on  Security 


Everything  you  need  to  know  about  security  (much  of  which  you're 
probably  afraid  to  ask)  can  be  found  in  our  ABCs  OF  SECURITY  tutorial 
at  www.cio.com/security/edit/security_abc.html. 

cio.com 


posing  the  greatest  security  risks,  according  to  the  security  and 
privacy  advocacy  group’s  2006  survey. 

By  building  a  profile  of  high-risk  employees,  you  can  know 
what  systems  to  monitor  and  thereby  lower  your  risk,  says 
Ken  Dejarnette,  who  specializes  in  security  and  data  protec¬ 
tion  at  Deloitte  &  Touche.  For  example,  focus  on  temporary 
employees  (typically  hired  during  seasonally  busy  times)  who 
have  access  to  sensitive  data.  These  employees  have  less  loy¬ 
alty  to  a  company  and  are  more  susceptible  to  being  oppor- 
tuned  to  steal. 

Call  centers  are  a  prime  target  for  fraud.  CIOs  can  reduce 

their  risk  there  by  following 
a  couple  of  simple  and  inex¬ 
pensive  rules,  says  Brian 
Contos,  author  of  the  book 
Enemy  at  the  Water  Cooler 
and  CSO  of  ArcSight,  an 
information  security  firm. 
Benchmark  what  a  typical 
call  to  the  center  looks  like 
and  then  periodically  scan 
the  database  for  calls  that  do 
not  fit  that  profile.  For  exam¬ 
ple,  if  a  typical  call  requires  a 
rep  to  access  one  file,  you  may 
want  to  flag  any  call  in  which 
a  rep  accesses  three  or  four 
files.  That’s  what  happened 
at  a  telephony  company 
where  private  investigators  working  on  divorce  cases  would 
call  to  ask  for  numerous  phone  records  to  use  in  their  investi¬ 
gations.  The  information  was  protected  by  privacy  laws.  The 
CIO  flagged  those  calls  in  which  call  center  reps  were  accessing 
more  than  one  file.  As  a  result,  as  many  as  14  call  center  reps 
were  fired. 

Pay  Less  Now  or  More  Later 

Security  experts  want  to  make  sure  that  mid-market  companies 
get  one  clear  message:  Common  sense  goes  a  long  way. 

CSI’s  Richardson  compares  it  with  going  into  a  dangerous 
part  of  town  for  dinner.  You  take  simple  precautions— parking 
on  a  well-lit  street,  locking  your  car— and  you  enjoy  your  meal. 

Mid-market  CIOs  should  approach  security  much  the  same 
way,  following  some  basic  precautions  that  will  do  a  lot  in  protect¬ 
ing  your  systems  even  if  it  doesn’t  build  an  impenetrable  wall. 
Any  statistician  will  tell  you  a  50  percent  reduction  in  your  risk  is 
huge.  These  steps,  if  followed,  can  provide  that  reduction,  secu¬ 
rity  experts  say.  Not  to  do  so,  Kocher  says,  “is  irrational.  Those 
who  have  been  attacked  and  lost  almost  everything  always  wish 
they’d  at  least  done  something.” 

Anything.  BE] 


To  comment  on  this  story,  go  to  the  online  version  at  www.c/o 
.com/030107. 
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or  credit  card  he  used,  Sulli¬ 
van  advises  that  you  decline 
the  purchase. 

(Scanning  purchases 
doesn’t  have  to  take  a  lot  of 
time  and  can  be  done  quickly 
by  downloading  the  files  into 
an  Excel  spreadsheet  and 
then  searching  appropriate 
columns  for  unusual  num¬ 
bers  or  addresses  or  pat¬ 
terns.  And  you  don’t  have  to 
buy  an  expensive  artificial 
intelligence  application  to 
do  so.  Kocher  of  Cryptogra¬ 
phy  Research  recommends 
mid-market  companies  hire  a 

college  student  to  sift  through  each  order.  “That  can  be  remark¬ 
ably  effective,”  he  says.  “Neural  networks  are  no  smarter  than  a 
smart  college  student.”) 

»  Compare  the  IP  address  with  the  physical  address. 

If  the  purchaser  says  he  lives  in  Denver  but  the  IP  address  is  in 
Georgia,  call  the  customer  to  verify  credit  card  information. 

»  Don’t  be  a  pack  rat. 

If  you  don’t  need  to  store  credit  card  numbers  or  any  personal 
information,  then  don’t.  Keep  the  information  for  as  long  as  you 
have  to  for  business  purposes,  such  as  during  a  billing  cycle, 
and  then  delete  it  from  all  databases.  If  you  don’t  have  personal 
information  in  your  system,  hackers  can’t  steal  it. 


If  you  don’t  need  to  store 
credit  card  numbers  or 
any  personal  information, 
then  don’t.  If  you  don’t 
have  personal  informa¬ 
tion  in  your  system, 


hackers  can’t  steal  it. 
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Consequences 


Trust  is  essential  to 
day-to-day  business- 
and  so  is  deception. 
What  happens  when 
the  two  collide  and 
trust  is  shattered? 
That's  the  focus  of 
new  research  by 
Wharton  professor 
Maurice  Schweitzer. 

BY  STEPHANIE 
OVERBY 


Deception  is  an  integral  part  of  life. 

Unseemly  as  it  may  sound,  everybody  lies— often  several  times  in 
one  day.  There  are  the  little  white  lies,  the  sins  of  omission,  outright 
deception.  And  none  of  this  is  necessarily  a  bad  thing,  says  Maurice 
Schweitzer,  associate  professor  of  operations  and  information  man¬ 
agement  at  the  Wharton  School  of  the  University  of  Pennsylvania. 

“Deception  is  more  nuanced  that  you  might  initially  suspect,”  says 
Schweitzer,  who  specializes  in  behavioral 
decision  research.  “Your  mom  might  exhort 
you  never  to  lie  and,  in  the  next  breath,  answer 
the  phone  and  tell  the  telemarketer  she’s  not 
home  right  now.  We  lie  all  the  time.” 

Love  that  sweater!  I  can’t  go  out— I’m 
washing  my  hair.  “A  lot  of  lies  we  tell  are  pro¬ 
social  and  help  us  get  along  with  people  bet¬ 
ter,”  says  Schweitzer.  “Deception  is  extremely 
functional  and  very  much  a  part  of  the  fabric  of  our  lives.” 

At  the  same  time,  trust  is  an  essential  element  in  all  social  rela¬ 
tionships,  including  those  at  work.  “Trust  is  the  social  glue  of  the 
economy.  It’s  the  glue  for  any  transaction,”  says  Schweitzer.  “You 
can’t  contract  for  everything.  Ideally,  at  the  base  there  is  some  trust 
in  individuals,  groups  and  institutions.” 

Any  CIO  who’s  ever  shepherded  a  big  project  that  came  in  late,  over 


Reader  ROI 

::  Why  trust  matters  in 
business  dealings 

::  How  deception  ruptures 
relationships 

”  How  CIOs  can  rebuild 
lost  trust 
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To  repair  trust  when  deception  is 
involved,  ‘“I’m  sorry’  just 
isn't  good  enough,”  says 

Maurice  Schweitzer,  associate 
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professor  at  the  Wharton  School 
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of  the  University  of  Pennsylvania. 
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budget  or  that  simply  underdelivered  knows 
just  how  destructive  a  broken  promise  can 
be  to  trust  between  IT  and  business. 

Although  trust  is  a  core  construct  in 
management  literature,  the  focus  of  much  of 
that  research  has  been  detecting  deception. 
Precious  little  examines  what  happens  after 
trust  is  broken.  You  spent  a  million  more 
than  expected  on  that  SAP  implementa¬ 
tion  that  you  swore  would  revolutionize 
the  enterprise  and  the  ROI  is  nowhere  to  be 
found.  Now  what? 

So  Schweitzer,  with  Wharton  colleagues 
John  C.  Hershey,  professor  of  operations 
and  information  management,  and  Eric  T. 
Bradlow,  professor  of  marketing,  conducted 
a  series  of  experiments  between  2000  and 
2004  to  uncover  what  happens  at  the  inter¬ 
section  of  deception  and  trust.  Some  of  the 
results  surprised  even  Schweitzer.  The  bad 
news?  Broken  trust,  when  accompanied 
by  deception,  is  harder  to  repair.  A  simple 
apology  does  little  to  reverse  the  damage. 
The  good  news?  Trust  is  less  fragile  than 
most  of  us  think.  And  a  promise  to  change 
things  followed  by  visible  positive  actions 
can  go  a  long  way  in  mending  trust. 

Schweitzer  talked  to  CIO  about  his  find¬ 
ings  and  what  they  can  teach  the  CIO  about 
managing  expectations,  repairing  broken 
trust  and  making  promises  you  can’t  keep. 

Why  explore  the  issues  at  the  intersection  of 
trust,  deception,  apologies  and  promises? 

I  teach  a  negotiations  class,  and  deception 
is  a  very  chronic  problem,  so  that  got  me  to 
thinking  about  deception  more  deeply.  A 
lot  of  lies  we  tell  are  pro-social:  “That  dress 
makes  you  look  terrific!”  “What  a  great  hair¬ 
cut!”  There’s  a  whole  class  of  lies  that  help 
us  get  along  in  a  much  more  functional  way. 
At  the  same  time,  trust  is  the  glue  that  holds 
together  any  social  relationship. 

If  you  look  at  deception  literature,  an 
enormous  amount  is  focused  on  how  to 
catch  liars.  And  there  has  been  a  good  deal 
written  about  the  ethics  of  lying.  But  there’s 
little  on  what  happens  once  somebody  lies. 

The  common  wisdom  has  been  that  trust, 
once  broken,  is  impossible  to  repair.  Trust 
recovery  is  slow  or  difficult.  Or  trust  recov¬ 
ers,  but  never  fully.  People  have  always 
talked  about  trust  as  if  it  were  glass:  easy  to 
break  and  difficult  to  repair.  As  I  began  to 


"People  have  always  talked 
about  trust  as  if  it  were 
glass:  easy  to  break  and 
difficult  to  repair.  That 
seemed  wrong  to  me. 

In  many  cases,  trust  gets 
repaired." 

-MAURICE  SCHWEITZER 


think  about  deception,  that  seemed  wrong 
to  me.  With  some  relationships,  you  violate 
trust  and  the  relationship  ruptures  com¬ 
pletely.  But  in  many  settings,  particularly 
the  office,  the  relationship  continues.  And 
in  many  cases,  trust  gets  repaired. 

The  question  I  wanted  to  answer  was, 
How  does  deception  harm  trust? 

You  tested  your  theories  with  a  money  game. 
How  did  you  set  that  up? 

We  had  to  agree  on  a  definition  of  trust.  The 
meaning  agreed  upon  was  “a  willingness 
to  accept  vulnerability  based  upon  positive 
expectations  about  another’s  behavior.” 

To  find  out  what  happens  when  that 
trust  is  harmed,  individuals  were  paired 
with  each  other  in  a  trust  game  involving 
money.  One  player  in  each  pair  (the  “odd” 
player)  was  given  $6  in  each  round,  which 
they  could  either  keep  or  pass  to  the  other 
person  (the  “even”  player).  If  the  odd  player 
kept  the  $6,  the  round  ended  and  the  even 
player  got  nothing.  If  the  odd  player  passed 
the  $6  to  the  even  player,  it  tripled  to  $18  and 
the  even  player  could  decide  how  much  to 
return  to  the  odd  player. 

We  used  money  because  it  gave  partici¬ 
pants  something  they  actually  cared  about. 
They  were  trusting  this  money  to  someone 
with  the  expectation  that  if  they  did,  that 
money  would  grow  and  the  other  person 
would  return  some  of  it  to  them.  Why 
would  I  loan  you  money?  You  do  that  with 
the  expectation  that  you’ll  receive  something 


positive  from  that  going  forward. 

We  explored  how  trust  is  harmed  by 
untrustworthy  behavior  and  untrustworthy 
behavior  accompanied  by  deceptive  behavior, 
and  how  apologies,  promises  [and]  subse¬ 
quent  trustworthy  behavior  affected  trust. 

A  key  aspect  of  our  experiment  favored 
trust  recovery.  We  didn’t  let  the  relationship 
rupture.  Players  had  to  continue  playing 
even  when  one  acted  in  an  untrustworthy 
manner.  But  relationships  sometimes  rup¬ 
ture.  If  your  spouse  violates  your  trust,  you 
may  separate.  But  if  your  boss  does,  you  may 
just  have  to  deal  with  it.  The  relationship 
may  or  may  not  recover. 

What  did  you  discover? 

We  went  in  with  a  clear  set  of  predictions 
that  the  assumption  that  trust  is  extraordi¬ 
narily  fragile  is  not  right.  And  our  results 
suggested  it  was  not  right.  We  found  that 
trust  could  be  effectively  restored  when 
individuals  observed  a  consistent  series  of 
trustworthy  actions,  such  as  having  money 
returned  to  them  each  round.  Or  when  a 
promise  was  made  to  change:  “I  give  you  my 
word.  I  will  always  return  $9  every  round, 
including  the  last  one.”  People  were  very 
receptive  to  that.  In  fact,  we  were  surprised 
how  quickly  trust  was  restored.  And  in 
some  cases,  the  trust  eventually  recovered 
completely.  The  promise  to  change,  however, 
only  worked  initially  if  it  wasn’t  accompa¬ 
nied  by  a  delivery  on  that  promise.  Trust 
recovered  a  bit  but  it  never  fully  recovered. 
It  leveled  off  after  awhile  as  if  [the  injured 
party]  had  written  that  person  off. 

When  a  person’s  trust  was  violated— and 
that  violation  included  deception— it  was 
much  more  difficult  to  restore,  even  when 
followed  by  a  series  of  trustworthy  actions 
or  promises.  We  didn’t  anticipate  just  how 
harmful  deception  would  be  to  trust.  We 
also  thought  that  an  apology  would  be  more 
effective  in  trust  recovery  than  it  was.  The 
apology— “I  really  screwed  up.  I  shouldn’t 
have  done  that.  I’m  very  sorry  I  tried  taking 
so  much  these  last  two  rounds”— did  little. 
We  thought  that  it  would  be  more  effective. 

It  may  be  that  the  apology  didn’t  go  far 
enough.  Apology  has  to  be  perceived  as  sin¬ 
cere.  It  has  to  indicate  remorse  and  a  plan  to 
change.  An  effective  apology  can  be  power¬ 
ful.  But  “I’m  sorry”  just  isn’t  good  enough. 
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Gross  national  product:  From  legal 
activities,  $5MM.  From  illegal  activities, 
$167  Billion. 


Per  capita  income:  99%  live  on  less 
than  $1 0/week;  1  %  cavort  like 
Donald  Trump 


Main  industries:  Key  logging,  yak  jerky 
production,  phishing 


Counterfeit  ATM  cards  per  capita:  17.3 


Chief  exports:  V1a@GRA  and  Ciali  s 


National  bird:  Roasted  vulture 


National  anthem:  ‘I  Sing  ot  Proud 
Hackistan,  Land  of  My  Mother's 
Facial  Hair" 


Hackistan  leader  shakes 
confidence  of  I.T.  world. 

Conventional firewalls  unable  to  withstand  expected  onslaught. 


The  conclusions  ot  the  Hackistan  Study 
Group  (HSG)  offer  an  alarming  assess¬ 
ment  of  the  hacking  threats  posed  by 
this  rogue  nation. 

Hackistan  has  toyed  with  security  profes¬ 
sionals  ever  since  a  state-sponsored  team  of 
digital  terrorists  hacked  into  the  FAA  database 
and  put  Harry  Truman  on  a  no-fly  list.  But  the 
situation  is  worsening,  as  the  report  cites  “an 
alarming  investment  in  Hackistan’s  elite  Bot 
Army.”  It  noted  that  “the  growing  sophistication 
of  their  logic  bombs,  Trojans  and  SQL  injection 
techniques  is  gravely  disturbing.” 

Many  are  banking  on  California-based 
Fortify  Software,  a  leader  in  software  security,  to 
neutralize  these  threats.  Commenting  on  Fortify’s 
groundbreaking  approach,  the  report  said  that 
“protecting  applications  at  the  code  level  is 
increasingly  being  viewed  as  the  only  viable  path 
to  creating  confidence  in  a  very  dangerous  world.” 
Contacted  at  Fortify’s  global  headquarters, 


John  M.  Jack,  the  company’s  CEO,  was 
undaunted  by  Hackistan’s  bluster, 
commenting  that  “true,  for  the  rest  of 
the  security  industry  they  are  a  devas¬ 
tating  threat.  For  us,  they’re  amateurs 
who  couldn’t  break  into  my  daughter’s 
Kevin  Federline  lunch  box.”  He  added 


Lifetime  Despot  Zorkul 
of  Hackistan 


“We  are  able  to  identify  and  fix  vulnerabilities 
throughout  the  entire  development  process.  We 
anticipate  that  frustrated  hackers,  hungry  and 
broke,  will  have  to  move  back  in  with  their 
parents  in  record  numbers.” 

No  Hackistan  official  was  available  for  com¬ 
ment,  but  a  blog  post  that  is  believed  to  come 
from  a  senior  Hackistan  official  (or  even 
Lifetime  Despot  Zorkul  himself)  mocked  the 
security  efforts  of  government  and  industry, 
saying  that  “the  chances  of  the  world  getting 
serious  about  code  security  are  about  as  likely  as 
John  Jack  waking  up  with  a  full  head  of  hair.” 

“The  study  group  warned  against 
prO'Hackistan  propaganda  that  appears  on 
web  sites  like  www.discoverhackistan.com.” 


CEO  Jack  fired  back:  “I  have  ultimate 
confidence  that  our  products  Fortify  SCA, 
Fortify  Tracer  and  Fortify  Defender  will  block 
Hackistan’s  nefarious  plans.  Zorkul’s  desperation 
is  also  apparent;  he  has  chosen  to  attack  me  on 
the  follicle  level  because  they  are  powerless  to 
reach  us  on  the  code  level.” 


Leading  the  fight  against 
Hackistan  is  an  innovative 
high-tech  company  called  Fortify 
Software.  The  company  said  it  will 
not  rest  until  Hackistan  is  turned 
into  a  Club  Med  vacation  spot. 
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What  can  CIOs  learn  from  this  research? 

Be  very  careful  about  making  promises  or 
commitments  you  can’t  keep.  Inevitably 
there  is  going  to  be  a  time  when— inten¬ 
tionally  or  unintentionally— you  let  people 
down.  But  you  should  recognize  that  if  a 
relationship  doesn’t  rupture  completely, 
chances  for  rebuilding  trust  are  very  high. 

When  it  comes  to  CIOs,  people  may  have 
inflated  expectations  of  IT.  Or  there  may  be 
deadlines  that  they  expect  you  to  meet  that 
you  miss.  There’s  also  something  called  a 
psychological  contract.  For  example,  an 
IT  employee  has  a  psychological  contract 
with  the  CIO  that  involves  what  the  worker 
expects  that  isn’t  written  down.  Those  are 
almost  invariably  violated  because  no  one 
is  sure  of  those  expectations.  Then  there  are 
things  a  CIO  might  never  have  promised- 
daily  backups  of  data— but  people  assumed 
the  IT  department  was  doing. 

It’s  impossible  to  manage  every  expecta¬ 
tion.  So  it’s  important  to  figure  out  what  you 
need  to  do  to  repair  it  after  a  trust  violation 
occurs.  One  of  the  most  important  lessons 
from  the  research  is  that  words  can  be  very 
powerful  in  repairing  relationships,  specifi¬ 
cally  in  repairing  trust.  But  for  words  to  be 
powerful,  they  have  to  be  credible.  And  for 
them  to  be  credible,  you  can’t  have  lied  to 
people  in  the  past.  In  fact,  you  can’t  have  even 
overpromised  in  the  past.  For  example,  if  you 
are  going  to  lay  people  off,  a  CIO  should  not 
say,  “I’m  going  to  lay  off 200  people  and  that 
one  action  will  put  us  on  track  and  everyone 
else  will  be  safe.”  Making  that  kind  of  state¬ 
ment  with  conviction  risks  credibility  you 
might  need  later  if  you  have  to  come  back 
and  say,  “We  need  to  do  another  round  of 
layoffs.”  Employees  won’t  buy  it. 

If  you’re  a  new  CIO  coming  into  a  situa¬ 
tion  where  there’s  no  trust  in  the  IT  depart¬ 
ment,  it  might  serve  you  well  to  make  a  very 
specific  promise  about  how  things  are  going 
to  change.  A  promise  to  change  can  be  very 
effective.  But  you  need  to  make  sure  that  the 
actions  you’re  taking  are  clearly  observed. 


From  the  Archives 


Wharton  professor  Maurice  Schweitzer  has  also 
tackled  the  issue  of  INPUT  BIAS  in  his  research.  To 
find  out  more,  read  "Bias  Beware”  at  www.cio 
.com/030104/bias.html. 

cio.com 


"A  promise  to  change  can 
be  very  effective.  But.  you 
need  to  make  sure  that  the 
actions  you're  taking  are 
clearly  observed." 

-MAURICE  SCHWEITZER 


Make  sure  that  employees  can  see  your  staff 
coming  in  on  Saturdays  to  get  that  project 
done.  Have  the  IT  staff  interact  more  with 
the  business  so  they  know  what’s  going 
on.  People  are  usually  willing  to  give  you  a 
chance,  but  you  have  to  work  hard  to  follow 
through  on  the  promises  you  make. 

Does  context  matter  when  trust  is  broken? 

A  critical  question  for  managers  across 
industries  involves  the  role  of  trust  in 
their  business  and  the  nature  of  the  viola¬ 
tion.  When  Arthur  Andersen  committed 
accounting  violations,  the  firm  faced  a  seri¬ 
ous  threat  to  its  business.  They  were  sell¬ 
ing  a  seal  of  approval.  When  that  seal  is  less 
credible,  it  has  less  value.  But  when  Martha 
Stewart  commits  an  accounting  violation, 
she  has  not  fundamentally  threatened  her 
business— aside  from  her  absence— because 
she  is  selling  style  advice.  Advice  about  dec¬ 
orating  is  not  related  to  her  lying. 

The  message  of  my  research  is  that  trust 
recovery  can  happen,  but  the  receiver  needs 
to  believe  the  message  and  perceive  that  he 
hasn’t  been  lied  to  previously.  Senior  man¬ 
agers  at  HP  or  Enron  would  have  needed  to 
convince  their  audience  that  the  untrust¬ 
worthy  act  would  not  be  repeated,  and  they 
would  want  others  to  observe  their  future 
behavior.  This  can  take  the  form  of  volun¬ 
tary  decisions  to  “open  their  books”  or  have 
independent  auditors  inspect  their  work. 
Greater  transparency  can  be  a  big  help. 

Understanding  how  trust  works  is  key  for 
executives— like  CIOs— who  work  globally. 

Yes.  One  strength  of  the  U.S.  economy  is  that 


most  Americans  are  trusting.  They  trust  its 
institutions.  You  can  fly  to  Cincinnati,  sign 
a  contract,  get  back  on  the  plane  and  assume 
the  deal  you  signed  is  going  to  happen. 

In  many  developing  economies,  that’s  not 
the  case.  Business  becomes  encumbered  by 
rituals  that  have  been  put  in  place  to  develop 
relationships.  You  can’t  meet  a  total  stranger 
and  agree  on  a  large  transaction  in  a  short 
period  of  time.  China  is  the  obvious  example. 
If  you’re  doing  business  there,  it’s  essential 
to  develop  relationships  and  spend  a  lot  of 
time  going  to  banquets  and  making  toasts 
and  traveling  to  different  events.  The  build¬ 
ing  block  for  business  there  is  trust  in  the 
individual.  American  companies  have  a 
lot  of  trouble  when  they  swap  out  manag¬ 
ers  there  every  few  years  or  so  and  the  new 
manager  has  to  start  all  over  to  build  that 
relationship  and  that  trust. 

You’ve  researched  the  effects  of  emotions  on 
trust.  How  does  that  tie  in? 

We  looked  at  the  influence  of  incidental  emo¬ 
tions  on  trust.  You  get  a  speeding  ticket  just 
before  a  board  meeting.  Or  you  find  out  you 
got  a  promotion  before  meeting  with  a  new 
vendor.  We  did  extensive  tests  to  find  out 
how  emotions  influence  trust  judgments. 

We  found  out  that  they  have  a  very  big 
impact.  When  you  go  into  that  meeting  with 
the  new  vendor,  you’ll  ask  yourself,  “Do 
I  trust  them?”  And  if  you  just  don’t  know, 
you’ll  go  to  your  emotions.  “How  do  I  feel?  I 
feel  pretty  good.”  You’ll  make  a  positive  trust 
judgment  based  on  emotions  unrelated  to 
the  actual  situation. 

It’s  important  to  take  that  into  account 
when  trying  to  earn  or  keep  trust.  That’s 
why  a  really  good  salesperson  may  tell  a 
joke  to  try  to  affect  someone’s  emotion.  If 
you  encounter  someone  in  an  emotional 
state  that  might  negatively  influence  their 
judgment,  there  are  three  strategies.  Change 
the  emotion:  Tell  a  joke  or  comment  on  the 
weather.  Recognize  the  source  of  emotion:  “I 
was  really  sorry  to  hear  what  happened  to 
your  house.”  Or  harness  good  emotions:  “I 
heard  your  kid  got  into  Stanford!”  You  have 
to  be  emotionally  savvy.  EH 


Senior  Editor  Stephanie  Overby  can  be  reached 
at  soverby@cio.com.  To  comment  on  this  article, 
go  to  the  online  version  at  www.cio.com/030107. 
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»  If  keeping  up  with  IP  security  requirements  and  compliance  is  important  to  your 
branch  operations,  good  news:  Juniper  makes  any  branch  network  better.  Our  Secure 
Services  Gateway  features  the  multi-layered  network-  and  application-level  protection  your 
enterprise  demands,  plus  enough  horsepower  to  ensure  your  security  solution  is  never  a 
LAN  or  WAN  bottleneck. 

Industry  insiders  say  remote  offices  are  your  weakest  link.  But  Juniper’s  SSG  family  delivers 
the  muscle  to  protect  your  high-speed  LAN  as  well  as  your  WAN  —  at  all  branch  sites.  Find 
free  white  papers,  demos  and  more:  www.juniper.net/branch 
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EDITED  BY  DAVID  ROSENBAUM 


Howto  Implement  New  Ideas 


his  Forum  is  a  follow-up  to 
our  Jan.  1  column  ( www.cio 
.com/010107),  which  focused 
on  how  CIOs  can  create  innovative 
cultures.  Here,  we  explore  how  to  cre¬ 
ate  processes  for  innovation. 

On  the  surface,  putting  “innovation” 
and  “process”  together  seems  oxymo- 
ronic.  Process  conjures  boundaries; 
innovation,  some  say,  is  best  fostered 
in  unfettered  environments.  But  smart 
CIOs  understand  the  need  for  both  in 
pursuit  of  the  new. 

From  Concept  to  Rollout 

Through  an  initiative  called  “Connect 
and  Develop,”  Procter  &  Gamble’s 
CEO  has  mandated  that  50  percent  of 
the  company’s  innovation  come  from 


outside  the  enterprise.  Robert  Scott, 
P&G’s  vice  president  of  innovation  and 
architecture,  Global  Business  Services 
(currently  on  loan  to  CincyTechUSA, 
an  organization  to  drive 
growth  in  Cincinnati),  is 
charged  with  realizing  this 
goal  in  IT. 

“You’re  going  to  have  to 
let  innovation  flow  in  and 
out  of  the  walls  of  your 
organization  and  in  and 
out  of  your  company,” 

Scott  says.  Therefore,  he 
built  connections  to  the  labs  of  P&G 
alliance  partners  like  IBM,  SAP  and 
Hewlett-Packard  and  conducts  regu 
lar  “discovery  journeys”  to  Silicon 
Valley.  For  the  “develop”  part  of  the 


ROBERT 

Procter  & 


mandate,  Scott  and  the  rest  of  P&G 
employ  “SIMPL”  (Simplified  Initiative 
Management  and  Product  Launch), 
which  shepherds  concepts  toward 
execution.  This  process 
is  broken  into  six  phases: 
Discovery,  the  search  for 
opportunities  and  ideas; 
Design,  where  concepts 
turn  into  prototypes; 
Qualify,  where  ideas  are 
validated;  Ready,  prepar¬ 
ing  for  launch;  Launch; 
and  Leverage,  a  step  Scott 
added  to  market  and  maximize  adop¬ 
tion  of  IT  solutions.  (See  the  online  ver¬ 
sion  of  this  article  for  more  details  and 
see  the  process  schematic  below.) 

Continued  on  Page  84 
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From  Dreams  to  Realities 


This  graphic  illustrates  both  the  high  level  and  some  granular  aspects  of  P&G’s  SIMPL  innovation 
process,  which  begins  with  the  discovery  of  ideas  and  proceeds  to  the  launch  of  an  initiative. 
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www.vi rtualacademy-cio.com 


VirtuaPAcademy  of 

Continuing  Education  for  Small 


With  constant  pressure  from  upstart  competitors  and  industry  giants  alike,  your  business 
depends  on  making  the  right  strategic  decisions. 


Making  the  right  choices  takes  knowledge.  You  must  effectively  address  Total  Cost 
of  Ownership  (TCO)  and  competitive  issues  ranging  from  topics  as  diverse  as  enhancing 
operational  efficiency  and  protecting  and  managing  your  data  to  upgrading  ERP 
capabilities  and  integrating  business  processes. 

In  short,  you  need  IT  answers,  and  the  Virtual  Academy  of  Technology  is  your  online 
resource  for  the  latest  information  from  industry  experts  and  new  ideas  from  your  peers. 


THE  VIRTUAL  ACADEMY  OF 
TECHNOLOGY  INCLUDES: 

»  Topic-focused  websites 
»  Exclusive  white  papers 
»  Focused  and  relevant  videos 
»  Real-world  case  studies 
»  Carefully  crafted  tutorials 
» Interactive  webcasts 


HTB 

Custom  Solutions  Group 


sponsored  by: 


TCO  AND  COMPETITIVE  EDGE- 
IT’S  ACADEMIC 

The  Virtual  Academy  of  Technology  is  a  one-stop  shop 
for  educational  resources  to  help  you  achieve  cost 
savings  and  gain  competitive  ground.  In  two  semester- 
long  sessions  (TCO  and  Competitive  Edge),  the  Academy 
presents  a  variety  of  convenient  learning  options. 

FREE  TICKET  TO 
Oracle  OpenWorld  2007 

There  are  even  special  incentives  for  participants  who 
successfully  satisfy  the  requirements  of  each  semester, 
including  an  exclusive  IDC  Workbook  and  a  chance  to 
win  a  free  ticket  to  Oracle  OpenWorld  in  2007. 

To  learn  more  about  the  Virtual  Academy  of  Technology  visit: 
www.virtualacademy-cio.com 


www.virtualacademy-cio.co 
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New  Is  Hard 

Change  management  is  key 


Q: 


What  is  the  most 
difficult  aspect  of  your 
innovation  process? 

According  to  Robert  Scott, 

VP  of  innovation  and  architec¬ 
ture,  Global  Business  Services, 
the  trickiest  part  of  Procter  &  Gamble’s 
innovation  process  is  the  Launch  step, 
when  an  IT  innovation  is  "commercial¬ 
ized,”  or  adopted  by  customers.  The  chal¬ 
lenge,  as  Scott  sees  it,  is  that  “even  if  you 
develop  something  that’s  good,  people 
are  slow  to  adopt  new  things.”  IT,  he  says, 
must  talk  about  what  it’s  done  in  such  a 
way  to  excite  users  and  compel  them  to 
change  their  behavior.  Scott  has  tapped 
P&G’s  own  marketing  experts  and  hired 
external  firms  to  help  him  tell  a  better 
story  about  the  innovations  his  organiza¬ 
tion  is  delivering. 

Bayer  North  America  CIO  Claudio 
Abreu  also  sees  change  management 
as  an  important  part  of  the  innovation 
process.  “Change  is  not  easy;  it  takes  a  lot 
of  commitment  and  leadership  from  the 
CIO,”  he  says.  To  make  sure  the  innovation 
process  is  embraced,  Abreu  participates 
personally  in  innovation  team  meetings. 

For  Carolyn  Byerly,  CIO  of  Stanford 
Hospital  &  Clinics,  the  first  phase  of 
her  innovation  framework,  Sense,  was 
the  hardest  to  define  and  develop,  as  it 
wasn't  a  typical  part  of  project  manage¬ 
ment.  (For  Byerly's  process  grid,  go  to 
www.cio. com/030107.)  In  Sense,  the  IT 
team  learns  about  stakeholder  needs, 
conducts  research,  meets  with  vendors 
and  so  on.  It’s  not  so  much  about  gener¬ 
ating  ideas  but  about  getting  the  knowl¬ 
edge  that  can  create  a  vision  from  which 
an  idea  will  follow.  -W.G. 


The  Importance  of  Process 

At  Stanford  Hospital  &  Clinics,  CIO  Carolyn  Byerly  implemented  an 
innovation  process  framework  in  the  aftermath  of  a  decision  to  out¬ 
source  IT  to  remake  the  CIO’s  office  into  a  more  strategic  and  innova¬ 
tive  one.  “I  wanted  a  structured  way  to  select  ideas  and  take  them  all 
the  way  to  execution,”  says  Byerly.  Her  framework  includes  risk  analy¬ 
sis,  a  key  element  for  this  $1.4  billion  healthcare  organization. 

Byerly’s  five-phase  process  framework  encompasses  governance 
and  project  management  (to  see  Byerly’s  grid,  go  to  the  online  version 
of  this  story  at  www.cio. com/030107).  Each  phase  has  its  own  metrics, 
such  as  the  number  of  new  ideas  generated,  elapsed  time  to  selection 
and  the  percentage  of  internal  and  external  resources  used.  Byerly 
uses  the  metrics  to  report  on  the  progress  of  her  projects,  which  in  turn 
enhances  the  credibility  of  the  framework. 

Like  P&G,  Bayer  North  America  has  a  corporate  innovation  initia¬ 
tive  to  harness  ideas  wherever  they  exist.  Called  “Triple  I”  (Innova¬ 
tion,  Ideas,  Inspiration),  the  program  is 
supported  by  a  global  employee  portal.  All 
IT-related  ideas  are  sent  to  Claudio  Abreu, 
senior  VP  and  North  American  CIO,  Bayer 
Corporate  Business  Services,  who  turns 
them  over  to  an  innovation  team  that 
engages  business  users  to  validate  their 
potential  and  appeal.  If  the  business  likes 
the  solution  and  it’s  proven  viable,  the  idea 
goes  through  a  project  request  process  and 
moves  into  a  pilot  phase  and  then,  potentially,  to  production. 

One  notable  success  story  is  Bayer’s  implementation  strategy 
for  a  MySAP  upgrade  affecting  25,000  global  users.  Developed  via 
the  innovation  process,  it  improved  Bayer’s  ERP  implementation 
and  testing  results  through  a  combination  of  commercial  software 
tools  and  a  new  approach  to  engaging  the  business.  The  result  was 
a  MySAP  platform  designed  to  support  a  $9  billion  company  imple¬ 
mented  in  less  than  six  months. 

Advice  for  Innovators 

Ideas  can  come  from  anywhere  and  CIOs  must  seek  them  out  by 
forming  alliances,  through  staff  portals,  or  from  innovation  teams. 

CIOs  need  also  remember  that  for  every  upside  that  a  new  idea 
brings,  there’s  also  a  downside.  An  evaluation  and  testing  process 
allows  IT  to  understand  an  innovation’s  risk.  Risk  analysis  must  be 
part  of  any  innovation  methodology.  Finally,  create  a  process  that 
works  for  your  organization  and  make  sure  you’re  a  big  part  of  it. 


William  Golden  is  a  senior  program  managerforthe  CIO  Executive  Council.  To 
comment  on  this  article  go  to  the  online  version  at  www.cio.com/030107. 


CAROLYN  BYERLY 

Stanford  Hospital 


DThe  CIO  Executive  Council  is  a  professional  organization  for  CIOs  founded  by  CIO's  publisher.  To  learn  more  about  the  Council, 
visit  www.cioexecutivecouncil.com  or  contact  Vice  President  of  Development  Dexter  Siglin  at  dsiglin@cio.com  or  508  935-4493. 
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SunGard  provides  uncommonly  strong  techniques  to 
keep  your  IT  systems  available.  You’re  always  in  control, 
with  a  broad  range  of  hosting  and  recovery  services  at 
your  command.  You’re  always  confident,  because 
SunGard’s  extensive  redundancy,  highly  experienced 
people,  and  100%  recovery  success  rate  are  working 
in  your  favor. 

With  access  to  some  of  the  industry’s  most  extensive 
IT  resources,  you’re  able  to  achieve  precise  levels  of 
Information  Availability  across  the  enterprise.  Prioritize 
the  availability  of  each  critical  application — from  “always 


on”  to  advanced  recovery — while  knowing  that  your 
solution  can  seamlessly  scale  as  your  business  evolves. 
To  the  exact  degree  you  demand.  At  the  exact  time 
you  need  it. 

You  set  the  levels,  we’ll  do  the  rest.  SunGard  keeps 
you  in  control  with  a  more  precise  approach  to 
Information  Availability. 

C||Nf*  ARn  Keeping  People 
W  w  Pi  and  Information 

Availability  Services  Connected: 


BE  PREPARED.  FOR  A  FREE  COPY  OF  “SUNGARD’S  PANDEMIC  PREPAREDNESS  CHECKLIST” 

VISIT  WWW.AVAILABIL1TY.SUNGARD.COM/PANDEMIC  OR  CALL  1-800-468-7483 
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“The  great  leaders  are  like  the 
best  conductors  —  they  reach 
beyond  the  notes  to  reach  the 
magic  in  the  players.” 


—  Blaine  Lee, 

The  Power  Principle 
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Department  of 
Big  Scary  Numbers 

Things  are  either  very  good  or  very  bad 
Or  both.  You  be  the  judge. 

Cheers! 

Drinkers  earn  10  percent  to  14  percent  more 
money  at  their  jobs  than  teetotalers. 

SOURCE:  A  study  by  economists  Bethany  Peters  and  Edward  Stringhami 

Time  to  Renew? 

The  amount  (in  annualized  contract  value)  of  IT  outsourcing  services 
deals  that  are  set  to  expire  by  the  end  of  2008  is  $118  billion. 

SOURCE:  Everest  Research 

Making  (a  Lot)  in  China 

China’s  consumer  electronics  manufacturing  industry  will  more  than  double 
from  $71.5  billion  in  2006  to  $167  billion  in  2010. 

SOURCE:  In-Stat 

Heyr  Google!  Think  That's  Enough? 

The  approximate  number  of  IPv6  IP  addresses  that  Google  owns,  according  to  ARIN, 
which  allocates  the  addresses,  is  79  billion  billion  billion. 

SOURCE:  ARIN 

Rocks  in  Their  Head? 

Ice.com  paid  $7.5  million  to  Odimofor  the  domain  name  Diamond.com. 

SOURCE:  lce.com  and  Techjournalsouth.com 

Price  of  Phish  Going  Up 

Jeffrey  Brett  Goodin,  45,  who  was  convicted  of  phishing  via  AOL  in  January  and  will  be  sentenced  this  June, 
could  face  101  years  in  jail.  His  is  the  first  jury  trial  conviction  under  the  Can-Spam  Act  of  2003. 

SOURCE:  U.S.  Department  of  Justice 

Sneaky  People 

Security  vendor  Symantec  observes  7  million 
phishing  attempts  each  day. 

SOURCE:  Symantec 

There's  Growth,  and  Then  There's... 

YouTube's  value  as  of  February  2005:  $0.00 
YouTube’s  value  as  of  October  2006:  $1.65  billion  (in  Google  stock) 

SOURCE:  Google 

Another  Sign  of  the  Apocalypse 

The  average  age  of  ‘‘gamers’’  (serious  video  game  players)  is  41. 

SOURCE:  z  Media  Metrix 
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ILLUSTRATIONS  BY  MARC  ROSENTHAL 


Chill. 

Feeling  the  pressure  to  move  to  unified  communications  and  keep 
your  competitive  edge?  Relax.  Siemens'  award-winning  Open 
Communications  can  get  you  there  painlessly.  Our  OpenPath 
migration  strategies  ensure  full  lifecycle  value  from  your  technology 
investments,  even  when  business  needs  change,  and  offer  a  range  of 
deployment  models,  including  hosted  and  managed  service  options. 
With  Siemens,  the  choice  is  yours.  So  go  ahead — chill  out,  and 
take  a  minute  to  learn  more. 


Communication  for  the  open  minded 


www.siemens.com/us/open 


SIEMENS 
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The  alphabet  soup  of  SOX, 

COBIT,  and  ISO  is  connected  to  untold  stress  on  the  CEO,  CFO,  and  CIO 
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is  connected  to  the  call  for  a  clear  compliance  strategy  by  EOD 
is  connected  to  the  one  solution  for  defining,  controlling, 

and  governing  your  IT  policy  compliance  ASAP. 


Software  that  makes  compliance  more  manageable.  Aligning  IT  with  today’s  compliance  regulations  is 
complicated  and  costly.  We  understand  this  better  than  anyone.  Our  software  distills  the  most  common  compliance 
regulations  and  business  processes  into  clear,  actionable  IT  policies.  Our  Global  Services  team  then  works  for  you-from 
assessment  to  implementation-to  provide  a  solution  that’s  tailored  to  your  needs.  For  a  better  view  of  compliance, 
visit  symantec.com/confidence 

Confidence  in  a  connected  world. 


a  Symantec, 


